2.

Risk management will help organizations establish procedures to avoid potential threats,
minimize their impact when they occur and cope with the results. It will also create safe and
secure work environment for all staff and customers.

3. Hazard management
1. It is essentially a problem-solving process aimed at defining problems (identifying hazards),
gathering information about them (assessing the risks) and solving them (controlling the risks).
Hazard management is a very important field as a result of the fact that hazard identification
constitutes the first step in actualizing risk assessment procedures.

Control management
It is important to distinguish “control” from “management.”
Manage something = to do something
Controlling something = monitor something
In reality there are people that sometimes unable or unwilling to act in your organization's best
interests. So, you need to implement a set of controls to help steer your people away from
undesirable actions and toward the desirable.(technical assistance) Control management is
essential because it helps to check errors and implement corrective action, minimizing deviation
from standards, and keeps your management on track. With such a framework in place, your
organization is much more likely to hit its goals. (to provide quality education to our learners)

4. Opportunity management
Effective risk management should not be focused solely on recognizing possible failure points,
but also on learning how to best recognize and capitalize on opportunities to ensure both
interventions and future success. Make sure you create time not only to identify and deal with
risk, but also to recognize and capitalize on opportunities in your interventions. Opportunity
management may result in interesting and motivating projects that help improve teamwork.
(reward system/credits/appreciations)

5. Risk-aware Culture
This definition applies to all organizations, whether public or private, for-profit or not-for-
profit. Risk culture is the glue that binds all elements of risk management infrastructure
together, because it reflects the shared values, goals, practices and reinforcement mechanisms
that embed risk into an organization’s decision-making processes and risk management into its
operating processes. It is a capability of the organization to recognize risks before they threaten,
mitigate them when they arise and recover from the damages they may cause. In creating a risk
aware culture you will need to bring together a collective group of individuals (the
organization) to establish and maintain your culture for risk awareness. Employees must also
understand that risk and compliance rules apply to everyone as they work towards business
goals. This understanding can ensure a company “does the right thing”.

6. Table
This table sets out the suggested components of a risk-aware culture. These components are
suggested by recent UK Health and Safety Executive (HSE) research as leadership,
involvement, learning, accountability and communication. This makes the acronym LILAC.
Creating a culture where effective risk management is an integral part of the way people work is
a long term aim for most organizations.
Leadership: Good leadership is what gets people excited to work, it raises the morale, it keeps
everything and everyone on track, and it makes for a more effective and efficient business. The
people need someone in charge who can keep everything moving forward smoothly.
Involvement: The benefit of involving the stakeholders is that the risk professional can share
the value proposition of the organization with people who are equally interested in the future of
the organization although in some cases for different reasons.
Learning: Developing and maintaining the right culture requires knowledge, understanding and
skills. This can be acquired in a number of ways including: life experience; work experience
and informal learning; and structured training. In order to practice good risk management, staff
must be risk aware and risk must be well understood. Trainings can help your team to recognize
and understand how managing their risk benefits them, their performance and the broader
enterprise.
Accountability: Accountability in the workplace means holding employees and executives
responsible for accomplishing goals, completing assignments, and making decisions. Creating a
culture of accountability helps ensure that employees show up for shifts, understand what’s
expected of them, and meet deadlines. Accountability structures hold everyone in the
organization responsible for their fulfilling their duties. But accountability isn’t just about
punishment and negative consequences. A healthy culture of accountability will help employees
be more productive, creative, and able to contribute to furthering organizational goals. It will
allow employees to take ownership of their work and build trust between team members at all
levels of the organization.
Communication: Risk communication: “Exchanging thoughts, perceptions, and concerns about
hazards to identify and motivate appropriate action.” The ultimate goal of risk communication
is to get someone to take an action to reduce their risk from hazards. It starts with recognizing
that your audience will be made up of individuals with a different understanding of risks, what
actions to take, and readiness to take those actions. How you approach people will vary—some
people are not aware of their risks, while others are aware but do not know what actions to take.
Behavior change can be a slow process, but even a small step (like your audience talking about
their concerns) is a win.

The awareness campaign could include all of the LILAC components and may extend to:
 risk awareness training awareness poster campaigns
 site inspections arrangements for reporting defects
 leaflets and brochures allocation of responsibilities
If an organization decides to raise awareness of security issues, it may decide to launch a
campaign to focus on the risks and the relevant controls. The campaign should use more than
one means of communication if it is to be successful. If you want employees to participate in
managing and mitigating threats, start by equipping them with a basic knowledge and language
of risk. Explain the benefits of risk management and make clear how to spot potential issues,
assess the possible impact, and determine what can be done to mitigate threats. Cultivating
awareness and understanding of risk will make it much easier for stakeholders to see that
reducing risk is in everyone’s best interests, not just the company’s.

7. How to start building a risk-aware culture

Educate all employees about risk. If you want your stakeholders to participate in managing
and mitigating threats, start by equipping them with a basic knowledge and language of risk.
Explain the benefits of risk management and make clear how to spot potential issues, assess the
possible impact, and determine what can be done to mitigate threats. Cultivating awareness and
understanding of risk will make it much easier for stakeholders to see that reducing risk is for
everyone’s best interest and not just the organizations. (focus group discussion)
Clearly communicate what’s expected. Have a clear, well-defined process for reporting risks.
Ensuring that your team members know what’s expected of them is key in being able to lead an
efficient, successful and happy team. If school head are unclear in communicating how things
should be done, it can lead to stakeholders being confused, unmotivated and disengaged. To
communicate your expectations clearly, you must know what you want from people and set
them realistic, and reasonable tasks. After this, it all comes down to communication: the ability
to lay down exactly what you want and need, and make sure your team can align with it.
Break down silos. Silo mentality is characterized by individuals or divisions that withhold
information from others in the organization for various reasons, which might include power
struggles, fear, organizational inefficiency, or simply because they don’t take the effort to
update shared information. Effective strategies that break down the silo mentality include
creating a unified vision, working toward common goals, cross-department education, work,
and training, and communicating often evaluating compensation plans.
Assign responsibility for managing specific risks. The risk committee should also identify
the individual who is most closely connected to each risk—and hold that person accountable for
its management. When everyone knows who is responsible for what, there’s much less of a
chance that something important will fall through the cracks because everyone thinks handling
it must be someone else’s job.
Establish incentives. Baking incentives and risk management expectations into performance
plans gets people thinking regularly about risk and what they can do to help correct issues
within their control. (reward system or appreciation to motivate)

8. Qualitative methods are particularly helpful in understanding the context of phenomena and
how they affect individuals and groups. They are also useful for investigating topics about
which little is known. In this way, qualitative measurements can be used to develop hypotheses
or specific questions about a topic. Qualitative measurement methods are especially good at
answering the questions, “How is change happening?” and “Why is change happening?”

9. A quantitative method is measurement of data that can be put into numbers. Collect data
that can be counted and analyzed statistically to calculate percentages, averages, ranges,
variances and more.
These methods are especially good at collecting data that tells you what is happening with the
project, answering questions such as “how many,” “how much” and “how often.” They also
help identify who the project is interacting with and supporting.

10. The concept of risk maturity is one that has largely developed outside of the academic
realm. It has come to be understood as the measure adopted by organizations to help them better
understands their overall risk position including the value created from risk management
initiatives. Despite lacking a clear or universal definition, risk maturity is a concept that is
becoming better understood (and ultimately finding favor) amongst senior management.
Level 1 organizations are unaware of the need for the management of risk or do not recognize
the value of structured approaches to dealing with uncertainty. Management processes are
repetitive or reactive, with insufficient attempt to learn from the past or to prepare for future
threats or uncertainties.
Level 2 organizations are aware of the potential benefits of managing risk, but have not
implemented risk processes effectively and are not gaining the full benefits. The organization is
either experimenting with the application of risk management or is operating a risk management
process that has fundamental weaknesses.
Level 3 organizations have built the management of risk into routine business processes and
implement risk management throughout the organization. Generic risk management processes
are formalized and the benefits are understood at all levels of the organization, although they
may not be consistently achieved.
Level 4 organizations have a risk-aware culture with a proactive approach to risk management
in all activities. As a result, the consideration of risk is inherent to routine processes. Risk
information is actively used and communicated to improve processes and gain competitive
advantage.

11. The primary aim of the awareness campaign was to make staff realize their responsibilities
towards risk, whilst at directorate level the introduction of risk registers has been collaborative
and inclusive. Strategically, further development of the corporate risk register aims to bring
tighter control of risk and provides comprehensive evidence and assurance to the board that
risks are managed.
12. This will be especially true when areas of weakness in the level of risk awareness have been
identified. When undertaking actions to improve the risk culture within an organization, it is
important to acknowledge that improving the risk management processes must lead to
improvements in risk management outputs. This, in turn, should have a positive impact that
delivers greater benefits from risk management.

13. Every organization is different. That is why it is important to evaluate risk culture and make
necessary adjustments to shape it over time in response to change. When an organization‘s
culture is risk aware, people know their risks, are comfortable discussing their risks with others,
and are willing to help others resolve risks.