No single risk management model fits every organisation. Different governance and administrative structures, and varying activities mean every organisation must develop a risk management strategy to suit their specific needs.
The importance of managing risk cannot be under-estimated and your organisation must take responsibility for managing your own risks. Every organisation is exposed to risks in a variety of areas including financial, legal, ethical, social and physical. These risks range from minor, easy to manage risks, to risks so serious they could threaten the very existence of an organisation should they ever occur.
As a responsible organisation, you must make a genuine commitment to using best practice risk management strategies to support and enhance your operations and activities by:
To assist sport and active recreation organisations identify and manage risks, vicsport, with funding support from the Victorian Government, has developed an online Risk Identifier application.
Working through the Risk Identifier application will provide organisations with the basic framework required to continue to develop a comprehensive and formalised risk management plan.
While the information you have gained by working through the Risk Identifier application will help identify risk areas and set the framework, to develop a comprehensive risk management plan organisations must make a commitment to develop an effective strategy to manage risk associated with its organisational structure and physical activities.
The Guide to Developing Risk Management Plans outlined below offers an example of an easy to follow eight-step process your organisation can use to develop a comprehensive risk management plan.
Step 1: Make a Commitment
Before any successful risk management strategy can be developed the organisation as a whole must make a commitment to support both the development and implementation of a risk management plan.
Your organisation must understand the risks associated with conducting your business and participating in your activities, and must be committed to minimising these risks in order to create a safe environment and experience for all members.
Step 2: Identify general risk areas
The key to developing a comprehensive risk management plan lies in clearly identifying all the risks that may arise from the conduct of your business affairs or physical activities.
To make this task easier, it is recommended you break the total risk management plan down into a number of general risk areas. The 8 categories you worked through with the Risk Identifier application offer an example of one way risks can be broken down, and you can use these categories as a guide if you wish. It is vital, however, that your plan suits the needs of your organisation, so develop as few or as many general categories as required to best meet your own needs.
Step 3: Identify specific risks
This is the most complex and time-consuming part of the process. You must now sit down and attempt to identify every individual risk you can think of that exists for your organisation. Again, the Risk Identifier application outlines the general risks associated with each of the identified sub-categories so use this as a building block to which you can add any risks specific to your organisation not identified in the Risk Identifier questions.
Step 4: Evaluate the risks
Once you have identified all the risks you possibly can, you enter into the process of risk evaluation. The risk evaluation process gives each identified risk a priority rating based on the likelihood of the risk occurring, and the consequence to the organisation if it does occur. This can be done using a Risk Priority Matrix. High priority risks will be those having a high impact on the organisation and/or a high probability of occurring, while low priority risks will be those having little chance of occurring, and/or little impact on the organisation if they do occur.
Once developed your priority listing will help you to clearly see which of all your risks should be treated as a matter of urgency as they have a high probability of occurring and/or serious consequences should they occur.
The Risk Priority Matrix
The Risk Priority Matrix allows you to determine the level of risk each particular incident you have identified potentially poses for your organisation should it occur.
The Risk Priority Matrix gives each identified risk a priority rating, from extreme to minor, by combining the likelihood of occurrence with the consequences should the risk arise.
To use the Risk Priority Matrix, use Table 1 to rate the Likelihood of each identified risk arising, and Table 2 to rate the Consequences should that risk arise. As risks will vary between organisations, it is up to you to determine the likelihood and the consequences of each risk arising. There are no right or wrong answers here; just aim to measure each risk as accurately as you can.
Table 1: Likelihood of Identified Risk Occurring
| Rating | Likelihood of the risk occurring in the course of a year |
| A | ALMOST CERTAIN: Will probably occur, could occur several times per year |
| B | LIKELY: High probability, likely to arise once per year |
| C | POSSIBLE: Reasonable likelihood that it may arise over a five-year period |
| D | UNLIKELY: Plausible, could occur over a five to ten year period |
| E | RARE: Very unlikely but not impossible, unlikely over a ten year period |
Table 2: Consequence of Identified Risk Occurring
| Rating | Potential Impact - In terms of the objectives of the organisation |
| A | EXTREME: Many objectives will not be achieved, or several severely affected |
| B | MAJOR: Most objectives threatened or one severely affected |
| C | MODERATE: Some objectives affected, considerable efforts to rectify |
| D | MINOR: Easily remedied, with some effort the objectives can be achieved |
| E | NEGLIGIBLE: Very small impact, rectified by normal processes |
Once you have given each risk an A-B-C-D-E rating for both likelihood and consequence, you simply identify the level of risk on the risk priority matrix by correlating the likelihood of occurrence with the consequences of occurrence.
To help clarify the process for identifying risks read through the following example.
Example: Identified risk - major fire in your administration headquarters
i. Identified Likelihood
Consider the identified risk and work through Table 1 to rate the likelihood of the risk occurring as accurately as you can. For this example we will rate the risk of a major fire as an E category risk (Rare) - Unlikely to happen but it is possible.
ii. Identified Consequence
Work through Table 2 to identify the potential consequences should this event arise. In this example we will rate the consequences of a major fire as an A category risk (Extreme).
A major fire could lead to total loss of your building and everything housed within. This would without doubt severely impact on your ability to meet objectives.
Step 5: Prioritise the Risk
Once you have determined the likelihood and consequence rating for each risk you can enter these ratings into the Risk Priority Matrix to get a risk priority rating for each identified event.
Using our fire example, refer to Table 3 – The Risk Priority Matrix below.
Please note the top axis of the table represents the Consequence, while the left axis of the table represents the Likelihood.
Table 3: Risk Priority Matrix
| Likelihood \ Consequence | A | B | C | D | E |
| A | Extreme (1) | Extreme (1) | Major (2) | Major (2) | Medium (3) |
| B | Extreme (1) | Extreme (1) | Major (2) | Medium (3) | Minor (4) |
| C | Extreme (1) | Major (2) | Major (2) | Medium (3) | Minor (4) |
| D | Major (2) | Major (2) | Medium (3) | Minor (4) | Minor (4) |
| E | Medium (3) | Medium (3) | Minor (4) | Minor (4) | Minor (4) |
Looking down the left hand column, mark row E as the identified likelihood of the event occurring, and looking across the top row, mark column A as the identified consequence of the event occurring. Find the cell in the matrix where row E and column A meet, and you will see the risk is identified as a 3 Priority, or Medium level risk to your organisation. (E.g. Follow the shaded boxes)
Table 4: Risk Priority Key
| Extreme (1) | Extreme risks likely to arise with potentially serious consequence |
| Major (2) | Major risks likely to arise with potentially serious consequence |
| Medium (3) | Medium risks likely to arise or to have serious consequence |
| Minor (4) | Minor risks with low consequence |
When you have finished working through the risk priority matrix each risk will have a risk priority index number identifying that risk as extreme, major, medium or minor. By simply placing every risk on a priority rating scale, you can now easily see which risks are potentially serious and require urgent attention, and which risks are less likely to occur or have less serious consequences and can be attended to in due course.
It is important to note the risk priority rating scale is a guide only. You do not have to work from the top down. Some lower ranked minor risks may be very easily managed and can be attended to with little effort so by all means attend to these risks as soon as possible. The most important thing to note from the priority rating table is those extreme and major risks must be attended to in some way as soon as possible.
Step 6: Treat the risk
Once a risk has been identified and prioritised, it must either be accepted or treated. Some risks are acceptable simply because the level of risk is so low it doesn’t justify any specific further action. As an example, minor injuries in contact sports such as bruising are considered ‘part of the game’. Other risks must be accepted simply because there is nothing you can do about them, such as the forces of nature.
Most risks can be treated or managed in some ways. Some of the more common ways to manage risks include:
Avoid – cancelling or postponing an activity considered to be high risk, such as a surf competition in dangerous weather or a fun run in extreme heat.
Reduce – taking proactive measures to reduce the likelihood of a risk occurring or the consequences should an event occur. Modifying or changing the rules of a game, using protective equipment or backing up electronic data and having a copy stored off-site to limit the impact in the event of on-site data loss are examples of risk reduction.
Transfer – examples of transfer include taking out insurance or using waiver or indemnity releases to transfer the whole or part of the responsibility for the risk to another party. It is important to note taking out insurance or using waivers or indemnity releases does not limit the risk of the incident itself; it simply helps to protect the organisation if an incident does occur. Organisations still have a responsibility to limit, in every way possible, the chances of an incident occurring. Insurance is not an excuse for negligence.
Accept – an organisation can choose to accept the risk of an incident occurring and to carry the consequences should such an incident arise. As an example, your organisation may choose not to insure your building and contents against fire or theft as these events rarely occur. When choosing to accept a risk and its outcomes the organisation must be fully aware of the consequences of acceptance. In the case of a fire causing extensive damage to an organisation’s administration headquarters, the organisation who chose to accept and carry the costs of such an incident occurring will be faced with covering the costs of replacing both the building and any contents damaged by the fire.
It is recommended your organisation very carefully weigh up the benefits versus the costs of choosing to accept and carry the consequence for risk. While unlikely events rarely occur, they do happen, and should such an event occur without appropriate support in place to cover the outcomes, the consequences can be extreme.
When setting out to manage risks you must ensure treatment is effective. When planning to manage a risk you must determine:
• How the risk will be managed
• What resources will be required
• Who will be responsible for managing the risk
• When will the task be completed
• When will the risk and the management plan be reviewed
Step 7: Develop a Risk Management Policy
The final key to successful risk management lies in developing a comprehensive yet easily understood and workable risk management policy. While the ultimate responsibility for developing policies lies with management, all members should be involved in the risk management process as all members will be expected to adhere to risk management policies and practices. By encouraging members to be part of the process the policy is more likely to be understood and accepted.
Communication is arguably the most important factor in successful implementation of a risk management plan. The best policy in the world is of no use if it is not utilised on a daily basis. Pay particular attention to educating staff and members about your risk management plan, its purpose and objectives, and their specific responsibilities in ensuring the plan is fully implemented and adhered to.
Step 8: Monitor and Review
Sound risk management does not stop with the development of the plan. Both our organisations and the environs in which we operate are constantly changing. It is vital your risk management policies and procedures are constantly reviewed to ensure they continue to meet both the needs of your organisation and its members, as well as legal, legislative and other standards set down by the industry. Your organisation should have a regular review and compliance plan in place to ensure your risk management strategy remains on target.