Church Risk Management
What is a Risk Assessment, and how do you prepare one? Here's a step by step guide...
Risk management and risk assessments – these are terms which are frequently bandied about, and most churches and ministries have a general understanding that it is something important that must be done, but what does it really mean, and how do you go about preparing an appropriate risk assessment for your church or ministry activities?
In the past, some churches and ministries may have failed to protect their people and property, not because they were uncaring or not interested, but purely because the idea of risk management seemed onerous, time consuming or there was simply no one who knew how to navigate the process.
Unfortunately, we live in a less than perfect, material and sometimes hostile world, a world which is becoming increasingly litigious, and seeks to apportion blame to another party for all manner of losses. Society often places churches and ministries on a higher moral pedestal, therefore the duty of care to those entrusted to our care or who are participating in our programs is significantly increased.
Following is a step-by-step guide on how to prepare a risk assessment for your various ministry activities.
Overall Objective/Purpose
The overall purpose of a Risk Assessment is to outline a process to help the Church properly apply risk management to all risks and incidents that may have the potential to cause injury or damage and associated costs for your Church.
Definitions:
Risk:
The chance (likelihood or probability) of something happening that may have an adverse impact on the church, its congregation, activities and other personnel.
Risk Management:
A logical and systematic approach to managing the uncertainty regarding risk of injury, illness, loss and damage.
Specific Objectives
To help the Church to implement a Risk Management Strategy for the effective management of potential risks to church property, personnel, activities and objectives, it is recommended that the following steps are carried out.
The general idea and result of these steps is to produce a written list of risks and associated actions to improve current risk controls (commonly called a “risk register”).
This provides a systematic plan for risk management across all church operations and enables continuity of attention to church risks and control improvements should church personnel change in the meantime.
Step1: Identify the Risks
Church activities and operations encompass a wide range of possible risk exposures. It is therefore helpful to breakdown exposures into various categories or areas of risk and consider possible risks within each of these in turn.
Though risks could be categorised in many ways, some typical categories to help identify and scope a church’s potential risk exposures are, for example:
Risk Category | Covering, for example |
---|---|
Property | Risk of fire, flood, storm, damage to church buildings, other assets |
Public liability | Risk of injury or damage to people on church property, at church events, to tradesmen, to children on church grounds; as a result of unsafe food |
Professional | Breach of copyright, error in advice or inappropriate counselling, mismanagement of church business, misconduct, harassment |
Security | Risk of theft, vandalism or other attack on church property or personnel |
Social media | Risk of abuse, slander or vilification through internet and phone media |
Transport | Risk to people in church buses, cars; risk to transporting church goods |
Volunteer safety | Risks to volunteers (same as for church employees) |
Identifying and listing possible risks can then be done by observation and judgment – for example:
- A walk-through survey of church grounds and property, or event site
- Consulting with church employees
- Maintaining and reviewing records of incidents or accidents
- Examining manufacturer's instructions on chemicals, plant and equipment
- Using specialist risk practitioners where necessary;
- Asking ACS Financial for advice.
Some additional “tools” to help with identifying risk and the underlying sources or causes of risk are:
- “Triggering” or “test” questions, like:
- What is the worst thing that could happen?
- What has happened in the past? What could possibly develop?
- What has happened elsewhere? In this region, in similar churches elsewhere, etc?
- What uncertainties are there? What are we unsure of?
- What needs to go right?
- And so on. You can prepare your own for your church.
- "Scenarios" ("what if...") or "event" questions, like:
- What if our decision is wrong?
- What might be an alternative or opposite view?
- What if a (defined) incident actually occurred?
- What would the community expect of us?
Step 2: Assess the Risks
Once the church’s risks have been identified, the next step is to assess the level of risk involved with each risk and to evaluate each in terms of their relative priority, including whether they require risk control improvement or whether they are well controlled and thus acceptable at present.
Risk assessment is based on the concept that “risk” comprises two key components: likelihood (chance of a risk arising) and impact (consequence or severity should the risk actually occur). Combined, these two components produce the level of risk applicable to a given circumstance. This means that, for example, a significant level of risk could be produced by an event of low likelihood but major impact if indeed it did occur, or it could also be produced by an event of high likelihood but lesser (say moderate) impact.
It is common to consider and appraise likelihood, impact and the resultant level of risk in qualitative terms. The process may be illustrated as:
To assist you in doing this, you might use the tables shown below for each risk you have identified, firstly, assess the likelihood of the identified risk actually happening:
Frequently occurs, is present now or highly probable to occur (100% chance of occurrence or a few times each year)
Some occurrences and fairly probable (75% chance of occurrence; might occur maybe once or twice per year)
Possible (50% (i.e. 50:50) chance of occurring; might occur maybe once every 2 to 3 years)
Small (10% to 20%) chance of occurring; might occur maybe once in 5 -10 years
Very small (maybe 1 in 50 or 1 in 100) chance of occurring; might occur once in 20-50 years
Next assess the potential impact or consequence if the risk was in fact to occur:
Death; huge financial loss; stops church operation for very long time; damages church reputations
Major injuries; major property and/or monetary loss; halts church operations; damages church or pastor reputation
Medical treatment required offsite; high monetary loss; affects key activity, service
Minor medical treatment on site; low-medium monetary loss
No injuries, no or little monetary loss, short-term
Next, from the above assessments, assess the level of resultant risk and accordingly evaluate the degree of urgency with which the risk needs to be resolved by the church:
From which a possible risk evaluation is as follows, for example:
Immediate action; notify pastor/senior church staff
Activity must not proceed while any risk is rated VERY HIGH
Advise church senior staff - Activity can only proceed while any risk is rated HIGH with risk solution approved and signed by Safety Officer and Management (Principal)
Assign responsibility to fix (treat the risk)
Risk management plan must be in place before activity begins
Routine action; acceptable risk at present but check controls regularly
The following link will give you access to a Risk Assessment template that you can use for all your church/ministry activities:
A risk assessment should consider the risks to all people, including non-employees such as sub-contractors and members of the public, the environment, plant, equipment, vehicles and property potentially affected by the risk (hazard or event).
Step 3: Determine What Risk Control measures To Take
This risk assessment process (identify – analyse – evaluate) leads directly into risk mitigation. That is, to risk control actions and improvements. Assessing and recording risk controls and their improvements provides the next component of the church’s “risk register”. Put together, the register of risks and their assessment plus the register of controls and control improvement actions (termed “risk treatments” in ISO 31000) form a typical documented basis for a church’s risk profile and associated risk management action plan.
Using the results of the risk assessment, determine what control measures, or what actions to take, in order to eliminate or reduce the risks to an acceptable level. Typically, priority is given to Very High & High risk activities.
In principle, risk control actions to take might consist of one or more of the following:
Principle | For example | |
---|---|---|
Avoid | Avoid or eliminate the potentially risky activity | Prohibit volunteers climbing on roofs or scaffolding; prohibit re-use of open or unrefrigerated food |
Prevent | Stop the risk problem arising in the first place | Secure/lock doors and windows; clear gutters and downpipes; provide training or instructions; screen vehicle (e.g. bus) drivers |
Limit or contain | Control | Prepare sandbags to halt flooding; supervise tasks; ensure first aid or risk response capability is available and properly ready at church events |
Transfer | Shift the risk away by contract or insurance | Ensure tradesmen are currently and properly insured for public liability and workers compensation |
Spread | Share or diversify the risk | Require two signatories on all financial transactions; provide job rests and rotations; ensure people are given adequate help (e.g. to lift objects) |
Generally, risk control measures may be divided into short-term/immediate control measures and longer-term control measures. The long-term aim should always be to eliminate the risk at source, but, whilst attempting to achieve this aim, other short-term actions should be used.
Risk treatments should be documented in the form of an action plan. As stated earlier, this enables regular monitoring of progress and completion of risk control actions and also provides a reference should church personnel change.
The risk treatment plan and schedule thus would set out the risk treatment options recommended for each unacceptable risk exposure that was identified in the risk evaluation process earlier. A template for such a risk treatment plan is shown at the end of this document.
It is typical to have the risk treatment action plan included alongside the risk register (list of identified risks). The risk treatment plan records the specific treatment, schedule for implementation and responsibility. It therefore will assist with implementation and monitoring of progress and recorded completion of risk control improvements.
Step 4: Monitor and Review Risk Control Measures
Lastly, because church business, personnel and activities change with time, risk controls should be regularly monitored and periodically reviewed to ensure they continue to be in place and working as intended.
Some of the ways to undertake such review are:
- Update the above steps of the church’s risk register and risk treatment plan at least annually
- Review the church’s incident and claims records as part of this
- consult with church employees and volunteers
- refer to manufacturer's instructions
- Refer to specialist risk practitioners and ACS Insurance Services
Step 5: Ongoing Risk Management
The risk management procedure should be repeated at intervals or whenever there is reason to suppose the results are no longer valid.
Other Helpful Links and Resources:
Risk Assessment Examples
DISCLAIMER: The information on this website reflect some of the commercial aspects and potential risks/obligations for your Church, School or Organisation. The information is given as a guide only and does not represent a definitive list or legal view in any way shape or form. You are advised to seek your own professional advice on all your individual needs.
ACS Financial Pty Ltd (ACN 062 448 122) (AFSL 247388).