The organization identifies and reduces potential loss and liability by:
Interpretation: Organizations can further support their risk management activities by developing a risk management plan that is proactive and anticipates potential risks, includes strategies for managing risks, assigns responsibility for key tasks, and includes measurable goals for reducing potential risks.
The organization annually assesses areas of potential risk, including:
Update: Revised Standard, Deleted First Interpretation, Revised Second Interpretation, Added Note - 12/01/10
RPM 2.01 Original Standard, First and Second Interpretation:
Management, with the involvement of the governing body, conducts an internal assessment of overall risk at least annually, that includes:
Interpretation: Element (d) of the standard refers to all contracts to which the organization is a party.
Interpretation: It is acceptable for the areas of known risk outlined in the elements of RPM 2.01 to be assessed separately and at different times throughout the year, e.g., at regular management meetings, as long as management and the governing body review the results of those assessments as a whole at least once a year to evaluate overall risk.
When reviewing areas of risk, elements of RPM 2.01 may be reviewed together to ensure that a genuine understanding of potential risk is achieved. For example, a review of contracting risks may include elements (a), (b), (d), (k), and (m). In another example, elements (a), (b), (e), (f), and (l) relate to human resource management, which is known to be the greatest area of potential risk for organizations.
For more information about governing body responsibilities regarding risk see GOV 6.08.
Interpretation: Although the organization should assess all areas of potential risk annually, the assessments do not need to be conducted altogether, in one sitting.
Note: The results of these assessments should be provided to the governing body, for its annual review of overall risks to the organization. For more information see GOV 6.08.
The organization conducts a quarterly review of immediate and ongoing risks that includes a review of incidents, critical incidents, accidents, and grievances related to:
Update: Added Note - 06/01/10
Note: Elements a, b and c do not apply to credit counseling organizations.
The organization reviews all incidents and accidents that involve the threat of or actual harm, serious injuries, and deaths, and review procedures:
Individuals qualified by knowledge and experience are responsible for risk prevention and management functions.
The organization informs external organizations that use its facilities of their obligation to minimize hazards and to assume liability for use of the facility.
NA The organization does not permit other organizations to use its facilities.
The organization provides, and assumes the cost of, legal assistance to personnel against whom claims are made related to lawful, authorized actions taken within the course and scope of their duties.
Interpretation: This standard does not require the organization to provide assistance to personnel who commit unlawful acts or acts that are not conducted in the course of, or in furtherance of, their employment. In addition, this standard does not require the organization to provide legal assistance to personnel if the organization’s legal counsel determines that doing so would constitute a conflict of interest.