Skip to main content
Why is risk management important?

How does risk management work?

Why undertake risk management?

Risk management is not always a “stopper” to activity, it can be an enabler, helping organisations to see challenges and opportunities. Good risk management provides a framework which improves the success and speed of decision-making, supporting pro-active actions which are more likely to be effective.

The process of developing a risk management framework improves the organisation’s ability to scan its horizon, ensuring more realistic business and project planning. It helps to identify the unknown unknowns, builds flexibility and adaptability and in doing so increased the resilience of the organisation. In turn, this can provide more certainty in achieving goals, growth, objectives and / or improved performance and control, with fewer costly surprises.

What are the warning signs that might prompt you to think that your organisation needs to think about risk management?

The organisation has:

  • Never thought about new, emerging or changing risks (or risk at all) in relation to its activity and desired outcomes
  • Areas of performance which are changing – either for better or for worse
  • A plan to do something new, different, ambitious or expensive
  • Aims, objectives, resources and timeframe overall, or a particular plan or activity that are not clearly understood or agreed by everyone
  • Gaps in information or data
  • Expectations, commitments or liabilities that are vague, over optimistic or under-valued
  • Not considered contingencies or plan B actions for particular activity(s)
  • Significant changes in the operating/trading environment

What does should risk management involve?

There are five key principles within a robust risk management framework:

  1. Comprehensive – it must cover all aspects of the business and organisation
  2. Continual – risk management is not a one-off exercise, the approach must be routinely maintained and regularly refreshed and updated
  3. Integrated – effective risk management must be embedded and part of all operations and systems within an organisation
  4. Suitable – there is no ‘one size fits all’ approach to risk but instead there are common principles, policies and practices that can be adapted to any activity
  5. Proportionate – the approach must have a realistic sense of proportion – for the size and scope of the organisation and in the attitude towards benefits and risks


This resource has been written by Angela Lomax from David Tolson Partnership, Chair of the Co-operative Governance Expert Reference Panel.