Risk Management Policy

Rural Organisation for Social Advancement “ROSA”    




What is Risk?


It is common to think of risk as what might go wrong in an organization, but a more precise definition is ‘the effect of uncertainty on an organization’s objectives’. Potential risks come and go, or evolve, as an organization’s internal dynamics change and as the external environment in which it operates changes. Keeping abreast of the risks that may affect your organization must therefore be an ongoing activity.


What is risk management?


Risk management aims firstly at anticipating risks, and then at preventing them from happening or at minimizing their impact if they do happen.


1. Purpose

The purpose of this policy is to set out ROSA Organization’s policy on the management of risk within the organization.

The key messages are:

1. Management of risk is the concern of everyone,

2. Management of risk is part of normal day to day work,

3. The process for managing risk is logical and systematic and should be implemented on a routine basis and integrated with service delivery.

ROSA Organization will ensure that risk management:

- is an integral and ongoing part of its management process

- is as simple and straightforward as possible

- has clearly defined structures and responsibilities.

In addition, ROSA Organization will:

- determine an appropriate method for addressing identified risks

- repeat the process of risk identification on an appropriate periodic basis.

- assess identified risks on an appropriate periodic basis

- provide for monitoring and reporting at various levels of management.

2. Scope

This policy applies to all ROSA Organization employees in any setting where supports and/or services are provided.

3. Areas of Risk

In order to manage risk on an integrated basis, i.e. inclusive of all risk, whether to do with the management or the process of service being provided, the following have been identified as risk areas to be addressed.

  • Risk of Injury to Service User/Staff/Public
  • Service User Experience Risks
  • Compliance with Standards (Statutory, Professional and Management) Risks
  • Objective and Project Risks
  • Adverse Publicity/Reputational Risks
  • Financial Loss Risks

4. Risk management policy

ROSA is committed to implementing an organizational philosophy that ensures risk management is an integral part of organizational objectives, plans and management systems. Compliance with legislative requirements underpins the risk management policy. The core function of risk management is to assist ROSA Organization to meet its objectives.

With the introduction of more individualized approaches to service provision by ROSA Organization, the expectation is that there will be a more positive approach taken by staff around ‘risk’ and the opportunities that positive risk taking can bring to people’s lives. The use of risk management methods is to provide a consistent approach to these issues.

The following factors are considered essential for the successful implementation of a risk management strategy:

1. Board and management understanding of and commitment to risk management.

2. Alignment to the organization’s objectives.

3. Embedding into day-to-day processes.

4. Management of risk in an integrated way, incorporating clinical, non-clinical and financial risks.

5. Employee and management partnership in risk management processes, with clear communication channels.

6. Structured mechanisms in place to monitor and review the effectiveness of risk management strategies, plans and processes.

7. All incidents are immediately reported, categorized by their consequences and investigated to determine system failures, using an organizational learning approach.

8. Systems of work are designed to reduce the likelihood of harm occurring.

9. Safe systems of work are in place to ensure the safety of clients, staff and the public.

5. Promoting a Risk Management Culture

ROSA Organization is committed to the protection and wellbeing of the people that it supports, their families, and ROSA Organization staff, as well as demonstrating openness and transparency in all matters relating to management and legislative compliance. To this end ROSA Organization is committed to promoting a culture of Risk Management based on a practical application of best practice. ROSA Organization is committed to having in place the necessary structures, processes, training, information systems and communication mechanisms to ensure that this is achieved, along with, where necessary, financial and other resources.

ROSA Organization seeks the commitment of all staff in supporting this initiative. To this end ROSA Organization promotes an environment within which individuals/groups are encouraged to identify hazards and risks, and report adverse events promptly within the framework of a positive and supportive culture which seeks to apportion blame fairly.


6. Risk Management – Organisation Structure in ROSA Organization.

The following organogram sets out where the Risk Management Function sits within the overall ROSA Organization:

  • Board of Directors
  • Audit & Risk
  • Management Committee
  • Chief Functionary
  • Leadership Team (Account Manager, Coordinators and community workers)
  • Other committees

7. Board of Directors monitoring and management of the risk environment

The Board of Directors of ROSA Organization expects that a risk register be maintained which will allow for the capture of risk information from the ‘bottom up’ within ROSA Organization. The risk register will be the primary tool for risk tracking, containing the overall system of risks and the status of any risk mitigation actions.

The Board of Directors will monitor and review ROSA Organization’s risk register, which will be prepared by the Executive, on a quarterly basis.

8. Risk Management process

The Risk Management Process outlines a standardized approach to the identification, analysis, evaluation, treatment, communication and monitoring of risk.

All services will use this standardized approach and record the outcome in Risk Registers. These Risk Registers will be collated at key organizational levels, allowing for risks to be managed at the most appropriate level in the organization, i.e. risks that fall outside the control of a line manager may be escalated to the appropriate level of management.

It is essential that action plans for the risks contained in the Risk Register are identified and an action person assigned. These Risk Registers must be under active consideration and be the subject of regular review.


Risk: can be defined as “the chance of something happening that will have an impact on the achievement of organizational stated objectives” or the “effect of uncertainty on objectives”.

Note 1: An effect is a deviation from the expected – positive or negative.

Note 2: Objectives can have different aspects (such as financial, health and safety, and goals) and can apply at different levels (such as strategic, organization-wide, project and process).

Note 3: Risks may be categorized as:

• Strategic risks: These concern the long-term strategic objectives of ROSA Organization. These may be external or internal to the organization.

• Operational risks: These relate to the procedures, technologies and other factors relating to the short to medium term objectives of ROSA Organization.

Risk management can be defined as coordinated activities to direct and control an organization with regard to risk.

Integrated Risk management: A continuous, proactive and systematic process to understand, manage and communicate risk from an organization-wide perspective. It is about contributing to strategic decision making in the achievement of an organization’s overall objectives.

Risk management Process: The systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing


Risk Assessment: The overall process of risk identification, risk analysis and risk


Risk Register: A risk register is a database of risks that face an organization at any one time. It is always changing to reflect the dynamic nature of risks.

Hazard: Any process, substance or operation that has the potential to cause harm.

Monitor: Continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected.

Safety: The state of being safe; the condition of being protected against physical, social, spiritual, financial, political, emotional, occupational, psychological or other types or consequences of failure, damage, error, accidents, harm or any other event which could be considered not desirable.

Quality: Doing the right thing consistently to ensure the best outcomes for staff, satisfaction for all stakeholders, retention of staff and a good performance.

Existing Policy

  • Child protection Policy
  • Communication Policy
  • Conflict of interest policy
  • Diversity & inclusion policy
  • Ethical code & conflict of interest policy
  • Fine and penalty of misconduct policy
  • Inclusion policy
  • HR policy
  • Finance policy
  • Whistle blower policy
  • Safeguarding policy
  • Anti-Fraud policy
  • Risk management

