The risk management plan is a document which outlines the risks faced by the business and provides guidance on risk mitigation strategies.
The risk management plan should contain:
- identified risks
- rating of the impact of the risk for the business (ie low, medium, high)
- rating of the likelihood of the risk occurring (ie low, medium, high)
- actions taken or to be taken to mitigate the risks
- timeframes for review.
Risk management in a small business should not be a stand-alone plan. There are relationships between risk management and many of the management processes and techniques that may be employed to ensure the successful operation of a business.
Good practice is to ensure that all of the following business areas are considered when developing the risk management plan:
The risk management plan should be reviewed regularly and updated as needed to ensure all risks in the business are being covered.