No menu items have been found.

Church Risk Management

What is a Risk Assessment, and how do you prepare one? Here's a step by step guide...

Risk management and risk assessments – these are terms which are frequently bandied about, and most churches and ministries have a general understanding that it is something important that must be done, but what does it really mean, and how do you go about preparing an appropriate risk assessment for your church or ministry activities?

In the past, some churches and ministries may have failed to protect their people and property, not because they were uncaring or not interested, but purely because the idea of risk management seemed onerous, time consuming or there was simply no one who knew how to navigate the process.

Unfortunately, we live in a less than perfect, material and sometimes hostile world, a world which is becoming increasingly litigious, and seeks to apportion blame to another party for all manner of losses. Society often places churches and ministries on a higher moral pedestal, therefore the duty of care to those entrusted to our care or who are participating in our programs is significantly increased.

Following is a step-by-step guide on how to prepare a risk assessment for your various ministry activities.

Overall Objective/Purpose

The overall purpose of a Risk Assessment is to outline a process to help the Church properly apply risk management to all risks and incidents that may have the potential to cause injury or damage and associated costs for your Church.


The chance (likelihood or probability) of something happening that may have an adverse impact on the church, its congregation, activities and other personnel.

Risk Management: 
A logical and systematic approach to managing the uncertainty regarding risk of injury, illness, loss and damage.

Specific Objectives

To help the Church to implement a Risk Management Strategy for the effective management of potential risks to church property, personnel, activities and objectives, it is recommended that the following steps are carried out.

The general idea and result of these steps is to produce a written list of risks and associated actions to improve current risk controls (commonly called a “risk register”).

This provides a systematic plan for risk management across all church operations and enables continuity of attention to church risks and control improvements should church personnel change in the meantime.

Step1: Identify the Risks

Church activities and operations encompass a wide range of possible risk exposures. It is therefore helpful to breakdown exposures into various categories or areas of risk and consider possible risks within each of these in turn. 

Though risks could be categorised in many ways, some typical categories to help identify and scope a church’s potential risk exposures are, for example:

Risk Category

Covering, for example


Risk of fire, flood, storm, damage to church buildings, other assets

Public liability

Risk of injury or damage to people on church property, at church events, to tradesmen, to children on church grounds; as a result of unsafe food


Breach of copyright, error in advice or inappropriate counselling, mismanagement of church business, misconduct, harassment


Risk of theft, vandalism or other attack on church property or personnel

Social media

Risk of abuse, slander or vilification through internet and phone media


Risk to people in church buses, cars; risk to transporting church goods

Volunteer safety

Risks to volunteers (same as for church employees)

Identifying and listing possible risks can then be done by observation and judgment – for example:

  • A walk-through survey of church grounds and property, or event site
  • Consulting with church employees
  • Maintaining and reviewing records of incidents or accidents
  • Examining manufacturer's instructions on chemicals, plant and equipment
  • Using specialist risk practitioners where necessary;
  • Asking ACS Financial for advice.

Some additional “tools” to help with identifying risk and the underlying sources or causes of risk are:

  • “Triggering” or “test” questions, like:
    • What is the worst thing that could happen?
    • What has happened in the past? What could possibly develop?
    • What has happened elsewhere? In this region, in similar churches elsewhere, etc?
    • What uncertainties are there? What are we unsure of?
    • What needs to go right?
    • And so on. You can prepare your own for your church.
  • "Scenarios" ("what if...") or "event" questions, like: 
    • What if our decision is wrong?
    • What might be an alternative or opposite view?
    • What if a (defined) incident actually occurred?
    • What would the community expect of us?

Step 2: Assess the Risks

Once the church’s risks have been identified, the next step is to assess the level of risk involved with each risk and to evaluate each in terms of their relative priority, including whether they require risk control improvement or whether they are well controlled and thus acceptable at present.

Risk assessment is based on the concept that “risk” comprises two key components: likelihood (chance of a risk arising) and impact (consequence or severity should the risk actually occur). Combined, these two components produce the level of risk applicable to a given circumstance. This means that, for example, a significant level of risk could be produced by an event of low likelihood but major impact if indeed it did occur, or it could also be produced by an event of high likelihood but lesser (say moderate) impact.

It is common to consider and appraise likelihood, impact and the resultant level of risk in qualitative terms. The process may be illustrated as:

To assist you in doing this, you might use the tables shown below for each risk you have identified, firstly, assess the likelihood of the identified risk actually happening:

Almost Certain

Frequently occurs, is present now or highly probable to occur (100% chance of occurrence or a few times each year)

Very Likely

Some occurrences and fairly probable (75% chance of occurrence; might occur maybe once or twice per year)


Possible (50% (i.e. 50:50) chance of occurring; might occur maybe once every 2 to 3 years)


Small (10% to 20%) chance of occurring; might occur maybe once in 5 -10 years

Very Unlikely

Very small (maybe 1 in 50 or 1 in 100) chance of occurring; might occur once in 20-50 years

Next assess the potential impact or consequence if the risk was in fact to occur:


Death; huge financial loss; stops church operation for very long time; damages church reputations


Major injuries; major property and/or monetary loss; halts church operations; damages church or pastor reputation


Medical treatment required offsite; high monetary loss; affects key activity, service


Minor medical treatment on site; low-medium monetary loss


No injuries, no or little monetary loss, short-term

Next, from the above assessments, assess the level of resultant risk and accordingly evaluate the degree of urgency with which the risk needs to be resolved by the church:

From which a possible risk evaluation is as follows, for example:

Very High

Immediate action; notify pastor/senior church staff
Activity must not proceed while any risk is rated VERY HIGH


Advise church senior staff - Activity can only proceed while any risk is rated HIGH with risk solution approved and signed by Safety Officer and Management (Principal)


Assign responsibility to fix (treat the risk)
Risk management plan must be in place before activity begins


Routine action; acceptable risk at present but check controls regularly

The following link will give you access to a Risk Assessment template that you can use for all your church/ministry activities:

A risk assessment should consider the risks to all people, including non-employees such as sub-contractors and members of the public, the environment, plant, equipment, vehicles and property potentially affected by the risk (hazard or event).

Step 3: Determine What Risk Control measures To Take

This risk assessment process (identify – analyse – evaluate) leads directly into risk mitigation. That is, to risk control actions and improvements.  Assessing and recording risk controls and their improvements provides the next component of the church’s “risk register”.  Put together, the register of risks and their assessment plus the register of controls and control improvement actions (termed “risk treatments” in ISO 31000) form a typical documented basis for a church’s risk profile and associated risk management action plan.

Using the results of the risk assessment, determine what control measures, or what actions to take, in order to eliminate or reduce the risks to an acceptable level. Typically, priority is given to Very High & High risk activities.

In principle, risk control actions to take might consist of one or more of the following:


For example


Avoid or eliminate the potentially risky activity

Prohibit volunteers climbing on roofs or scaffolding; prohibit re-use of open or unrefrigerated food


Stop the risk problem arising in the first place

Secure/lock doors and windows; clear gutters and downpipes; provide training or instructions; screen vehicle (e.g. bus) drivers

Limit or contain


Prepare sandbags to halt flooding; supervise tasks; ensure first aid or risk response capability is available and properly ready at church events


Shift the risk away by contract or insurance

Ensure tradesmen are currently and properly insured for public liability and workers compensation


Share or diversify the risk

Require two signatories on all financial transactions; provide job rests and rotations; ensure people are given adequate help (e.g. to lift objects)

Generally, risk control measures may be divided into short-term/immediate control measures and longer-term control measures.  The long-term aim should always be to eliminate the risk at source, but, whilst attempting to achieve this aim, other short-term actions should be used.

Risk treatments should be documented in the form of an action plan. As stated earlier, this enables regular monitoring of progress and completion of risk control actions and also provides a reference should church personnel change.

The risk treatment plan and schedule thus would set out the risk treatment options recommended for each unacceptable risk exposure that was identified in the risk evaluation process earlier.  A template for such a risk treatment plan is shown at the end of this document. 

It is typical to have the risk treatment action plan included alongside the risk register (list of identified risks). The risk treatment plan records the specific treatment, schedule for implementation and responsibility.  It therefore will assist with implementation and monitoring of progress and recorded completion of risk control improvements.

Step 4: Monitor and Review Risk Control Measures

Lastly, because church business, personnel and activities change with time, risk controls should be regularly monitored and periodically reviewed to ensure they continue to be in place and working as intended.

Some of the ways to undertake such review are:

  • Update the above steps of the church’s risk register and risk treatment plan at least annually
  • Review the church’s incident and claims records as part of this
  • consult with church employees and volunteers
  • refer to manufacturer's instructions
  • Refer to specialist risk practitioners and ACS Insurance Services

Step 5: Ongoing Risk Management

The risk management procedure should be repeated at intervals or whenever there is reason to suppose the results are no longer valid. 

Other Helpful Links and Resources:

DISCLAIMER: The information on this website reflect some of the commercial aspects and potential risks/obligations for your Church, School or Organisation. The information is given as a guide only and does not represent a definitive list or legal view in any way shape or form. You are advised to seek your own professional advice on all your individual needs.
ACS Financial Pty Ltd (ACN 062 448 122) (AFSL 247388).

 your Church, Ministry or Christian School?

Hi there, we're ACS Financial, Insurance and Protection specialists for Australian Churches, Ministries and Christian Schools.  

Get A Quick Quote! 

About ACS Financial

Trusted leaders in Insurance and Protection, Lending, Investment and Risk Management for Churches, Ministries and Christian Schools and we've been serving our clients for over 25 years... 

Save up to 40% on your personal home, car and contents insurance with one quick call. 

Call:1800 646 777

"It's only in the midst of a crisis that you understand the value of an insurance broker who understands your unique needs.  Cyclone Debbie hit our village and our church and caused flooding of over 4 meters devastating most of the village, including our church, contents and equipment.  We're with ACS and when crisis hit they understood our unique needs, looked after us and were able to help us get back on track so that we could go and help the community. "   
Living Waters Church

Need help with Insurance And Protection?

Find out why thousands of Australian Churches, Ministries and Christian Schools trust us with their insurance and protection needs. The only question is, when will you? 

Get A Quick Quote...