The purpose of undertaking risk audits is to try and identify, record, measure, analyze and report the range of risks which may be present in a specific situation. Risk reporting is very specific to any given situation or event. Risk management assessments will differ for an organization can range from quite simple for a planned one-off event, or more complex if a company is trying to assess risks from conducting a series of programs and events which take place over a long period of time.
Why are risk audits necessary?
The purpose of risk reporting via an audit is that unless a process is undertaken to identify risks which may arise, people may be completely oblivious and unaware risks exist. A risk audit goes further than just identify what the risks are. A risk management assessment needs to be undertaken by people with the responsibility to evaluate what the actual risks are and plan accordingly to minimize or eliminate these risks.
What are the necessary steps to take when conducting risk audits?
- Set out the scope for the audit i.e. what situation needs to be audited?
- Decide on the best method for gathering information (i.e. interviews, observations, checklists)
- Write a detailed procedural document outlining the steps and processes for the risk management audit
- Arrange site visits and interviews
On-site risk audits
- Conduct briefings with personnel involved in the audit process
- Conduct site visits, referring to prepared checklists and procedures, observing what is currently in place, what needs to be improved and what areas need a plan to be implemented if it’s evident one is not already in place
- Probe an organization’s personnel by conducting comprehensive interviews which seek out knowledge regarding risk management procedures
- Check existing policy and procedures and review if they currently meet industry standards
- Review any accident and injury log books
- Write a detailed risk reporting summary of your main findings
What happens after a risk audit?
- Analyse the information gathered from checklists, interviews and existing procedures.
- Prepare a list of identified risks and evaluate the severity of each one
- Prepare a report on the identified risks and suggest strategies to deal with the risks
- Write a detailed report and present your feedback and findings to relevant personnel within the organization
- Decide on the next steps in the process and set a date for the next risk audit review