The key to making sound and well informed risk management decisions is to follow a clearly laid out decision making process.
The first step in this process is to IDENTIFY your exposure to loss (“the risk”). What is the local government responsible for? Risks can include damage to property, liability for injury, property damage or economic loss of a third party, loss of personnel or net income loss.
You might use surveys and questionnaires, your claims loss history, financial records, bylaws, meeting minutes, contracts, statutes and regulations, legal decisions, loss control inspections or reports from experts to identify risks your local government is facing.
The next step is to evaluate and ASSESS the loss exposure by attempting to measure the risk. How frequently might a negative outcome occur? If a negative outcome does occur, how significant will the effect of that outcome be? How much control do we have over lowering the likelihood that something bad will happen or its impact if it does? In assessing the loss exposure we can then prioritize the risks we want to address first and those we will leave for later.
Once you have identified the risks and prioritized those you want to address, the next step is to EXAMINE possible mitigation strategies, or methods of controlling or reducing the risk. Part of this stage involves considering whether you have sufficient personnel or financial resources to implement the mitigation strategy. This is a balancing act. You will want to consider the costs and benefits of each strategy to evaluate which technique is most appropriate.
Upon examining mitigation strategies, you want to SELECT the apparent best technique that balances risk reduction and your resources, then IMPLEMENT the technique and MONITOR the results to determine whether the mitigation strategy has been effective at lowering or controlling the risk.
The most often overlooked, but arguably most important, aspect of the risk management decision making process is monitoring the strategies that have been implemented to assess whether or not the controls are working to lower the risk. If the control strategies are not working, you should ask yourself if they can be tweaked or improved or whether you should implement an entirely new strategy.