Skip to main content

Risk Management


Risk management consists of defined steps which help us understand risks and their impact.  Good risk management awareness and practice at all levels is a critical success factor for any organisation and needs to be seen as integral to effective management practice. It is recognised that risk is present in any organisation and therefore needs to be continuously managed in a systematic and consistent manner in all areas: patient, staff, health and safety, environmental, organisational, financial and commercial.

The risk management process can be applied to any situation where an undesired or unexpected outcome could be significant or where opportunities are identified.

The Risk Management Process

A commonly adopted system of risk management is the AS/NZ Guidance which can be obtained via the link to this page but is not a free resource. In this guidance it is recognised that the main elements of the risk management process is to: 
Establish the context Establish the strategic, organisational and risk management context in which the rest of the process will take place. Criteria against which risk will be evaluated should be established and the structure of the analysis defined.
Identify risks Identify what, why and how things can arise as the basis for further analysis.
Analyse risks Determine the existing controls and analyse risks in terms of consequence and likelihood in the context of those controls. The analysis should consider the range of potential consequences and how likely those consequences are to occur. Consequence and likelihood may be combined to produce an estimated level of risk.
Evaluate risks Compare estimated levels of risk against the pre-established criteria. This enables risks to be ranked so as to identify management priorities. If the levels of risk established are low, then risks may fall into an acceptable category and treatment may not be required.
Treat risks Accept and monitor low-priority risks. For other risks, develop and implement a specific management plan which includes consideration of funding.
Monitor and review Monitor and review the performance of the risk management system and changes which might affect it.
Communicate and consult Communicate and consult with internal and external stakeholders as appropriate at each stage of the risk management process and concerning the process as a whole.

Local Health Boards (LHBs) need to continuously work to manage and minimise risks of harm to people, services and the organisation itself to an acceptable level and to prevent recurrence of incidents wherever possible. A comprehensive risk management programme needs to support the management of risk through a co-ordinated, integrated and systematic approach. The Welsh Government (WG) sets out in its framework Putting Things Right the importance of an integrated system of risk management to enable the effective management of risk.


Risk Management Culture

Significant benefit from good risk management practice will come via ownership of risk management throughout the organisation. This is where the importance of promoting a culture of openness within a learning environment is paramount. Staff must be trained, encouraged and supported through strong leadership to take a proactive role in identifying and reporting risks and "near misses" and taking appropriate actions to resolve problems at source, wherever possible. To this end the Incident Reporting system should not be seen as part of the disciplinary process.

Risk Management Systems

  • Incident reporting and investigation of claims, complaints and incidents - reports produced demonstrate that lessons are learnt and that actions are put in place to make safe and prevent recurrence of these incidents as far as is possible.
  • Risk Assessment - assessments can be produced proactively or reactively and must include patient, staff, health and safety, environmental, organisational, financial and commercial.
  • Risk Profiling and Risk Registers - organisational wide comprehensive profile of key risk areas that is prioritised and managed by appropriate levels of the organisation and monitored for progress against actions at key levels.
  • A system for fast tracking key events - to the Board and to external agencies such as the HSE (Health and Safety Executive), MHRA (Medicines and Healthcare Products Regulatory Agency) and National Patient Safety Agency (NPSA).
  • A collection of strategies, policies, procedures and systems - to control the risks that would otherwise arise and ensure that care and services are delivered by competent staff who are aware of how to raise concerns.


The adoption of these principles and associated quality and Clinical Governance programmes will contribute towards improved effectiveness and enhanced services for patients and minimizing the resources that are diverted away from patients and service users.
Useful Links: