Question

Assume that you are the newly appointed risk manager for a medical facility. What steps would you take to perform comprehensive risk assessment for your organization? who will you need help from in performing this assessment?

Answer 1

COMPREHENSIVE RISK ASSESSMENT

Comprehensive risk assessment refers to self control type of risk management based on comparison of financial institution's financial strengths and and all risks faced by the institution including risks not counted in the calculation of capital adequacy ratios.

STEPS IN COMPREHENSIVE RISK ASSESSMENT

1. Retroactive threat assessment

simply involves

• listing existing threats
• priority of these threats

we can assess further assess these existing threats by:

• Incident mapping- cluster incidents geographically on incident map ( identifies hot spots, well known in traffic management ie. accident black spots)
• Trend analysis- are things changing overtime, certain incidents occuring more frequently certain areas becoming too dangerous

2. Threat and incident pattern analysis

some threats may have materialised into incidents resulting in actual harm to our agency or othrs operating in the area. Even at this stage we may want to investigate such threats and gain a more detailed profile of

• incidents
• victims
• perpetrators

3. Proactive threat assessment

our risk asessment can not just be reactive( concerned with past incidents) , but needs also to anticipate what is likely to happen in the future

This needs good contextual/ situational knowledge

4. Vulnerability analysis

stages 1-3 should have identified the main threats in our operating environment. However our agency and staff may not be vulnerable to all of these threats. The function of vulnerability analysis is to help us identify the priority threats. The function of vulnerability analysis is to help us identify the priority threats;namely those that pose real to our staff, assets and operations

Against each of the threats we have identified we need to consider where and why our agency may be at particular risk. Internally different members of staff,working in different locations on different jobs will have different vulnerabilities

• Identify the hazards
• Determine who might be harmed and how
• Evaluate the risks and take precautions
• Record the findings
• Review assessment and update if necessary

The employer is responsible for risk assessments within a workplace,meaning that it is their responsibility to ensure it is carried out. An employer can appoint an appropriate individual to carry out a risk assessment on behalf of the organisation, as long as they are competent to do so.