Risk Management: A Four-Step Framework

Risk Management: A Four-Step Framework
Risk Management: A Four-Step Framework

Business and Operations

When you consider risks to your school, you may think of intruders, active shooters, and natural disasters—now pandemics. If the pandemic (largely unforeseen and unplanned for) has proven anything, it’s that risk management must be more than a checklist that you scan once a year.

Instead, risk management must be integrated into an administrator’s daily tasks—starting with due diligence and awareness.

What Are Risks?

A risk is a threat that could adversely affect your school’s ability to deliver its mission. It is any future event that may (or may not) happen and could derail your school’s efforts to deliver on your promise to students, families, and staff.

In addition to the extremes, modern day risks can include:

  • Playground equipment safety
  • Mold remediation
  • Third-party contracts (or unlicensed vendors) and associated liability
  • Social media activity
  • Poorly maintained employee records
  • Outdated insurance policies

What Is Risk Management?

Risk management does not equate to avoiding risks entirely; that isn’t possible. It’s about forward-thinking, taking appropriate action at the right time, and ensuring you have done all you can to reduce the impact of any risk. What matters is that you have a process and a plan of action to make sure risk management is articulated and understood by your stakeholders.

The process of risk management, regardless of the threat—both the mundane and the sensational—should be addressed through your actions.

Risk management systems must be woven into the fabric of school life. Risk management should also be linked to your school’s strategic plan and strategic financial plan. Specifically, risks that would impede implementing your plan should be articulated directly. ISM recommends a four-step framework to guide you in risk management.

Step 1: Identification

Risk management relies on past experiences and your current understanding to predict what could happen—allowing you to make the best decisions for future uncertainty. Include multiple people in the process of identifying risks, and have ongoing conversations to help inform your current understanding.

Compartmentalize your risks to establish a system that works best for you. Here are some types of risk you might consider.

  • Compliance and privacy risks include potential violations of federal or state regulations that could expose your school to fines, lawsuits, or other penalties.
  • Financial risks include everything from physical assets and financial reserves to tuition, fraud, insurance, cash management, the audit process, deferred maintenance, and long-term debt. These concerns are often perceived as “back office risks” and are generally in the realm of the Board, the CFO, and the Business Manager.
  • Health and safety risks and legal hazards are familiar to most school leaders. These risks are related to legal liability and negligence, injury and property damage, the health and safety of the school population and environment, accidents, and natural disasters.
  • Human capital risks are those that involve maintaining and supporting staff and faculty. These are the risks of recruitment, retention, morale, compensation and benefits, employment practices, and faculty knowledge and skills. This category also includes changes in the work environment—a person’s response to the challenges they face in fulfilling their responsibilities presents its own set of risks.
  • Operational risks include the risks related to management of the day-to-day school program—how you implement activities and processes. You have likely seen these risks in satisfying social distance requirements on campus, establishing remote learning procedures, and managing your facilities within the COVID-19 limitations.
  • Strategic risks are related to your school’s position in the competitive market; your reputation; your mission values; your school’s academic quality and student experience; and accreditation outcomes.


Tune in to live webinars every week during the school year to get specific, research-backed insight you can immediately apply at your school.


Step 2: Assessment

Assessment helps you understand where to focus your resources in risk management. This requires careful examination and deciding what could cause harm to people (or the institution), and how to take precautions. When determining risk, ask yourself the following questions.

  • What is the likelihood the event will occur?
  • What is the severity of the impact?

Don’t over-prepare for something that is unlikely to happen, but be careful not to miss something with severe consequences that could have been easily mitigated or even prevented.

Step 3: Risk Response

After you have identified and assessed risks, you can now develop plans to reduce or minimize them. There are four common approaches to risk response.

  • Avoidance. Some risks can easily be eliminated with a few steps or processes—resolving the risk entirely.
  • Transfer. This is the principle of insurance. An example of transferring risk is contracting with a vendor or other third party. Transferring risk only serves to move your exposure from medium to low, but any reduction in liability is relevant.
  • Acceptance. This is not intuitive—realistically risk is always going to be present—but there is nothing wrong with accepting a low level of risk.
  • Mitigation. Mitigation is taking steps to reduce adverse effects of risk. Any actions you take to mitigate risk could impact the student experience and faculty. Many of the tools, procedures, and policies to mitigate risks may already exist in your school.

How Do I Mitigate Risk?

Now that you know how to identify and assess risk, it’s time to consider your mitigation plan. First, you’ll need to assemble a Risk Management Committee or team including key members of leadership and Board representatives. You’ll then want to decide how to mitigate risk using the five Ps:

  • Physical—Physical risk mitigation includes locks, security systems, fencing, lighting, panic buttons, cameras, emergency kits, and school maps.
  • Programs—Safety programs such as your process for using and tracking visitor passes, parking passes, and ID badges. Additionally, key systems, communication systems, and remote monitoring tools for distance learning fall into this category.
  • People—You likely mitigate risk primarily through training. Your faculty and staff should know the appropriate risk response, whether it is a fire drill, missing child plan, or evacuation plan. Professional development fits into this category as well. Staff likely have CPR training or are on a crisis response team. Having teachers with skills to teach remotely is a key component to help you mitigate risk in the current crisis.
  • Policies and Procedures—Written policies and procedures include protocols for field trips and athletics, concussion protocols, independent study and study abroad programs, chaperones, emergency plans, evacuation plans, and remote learning plans. One area many schools fail to consider in their policies and procedures is turnover. Review all of the skills your faculty and staff have developed this year, and how those skills may be beneficial for future pandemic-related school closures. What if you did not have policies and procedures in place to train staff and faculty?
  • Practice—Practice is vital to risk mitigation. Practicing evacuations, sheltering in place, fire drills, training and safety audits, and remote learning days are essential to keeping these skills sharp.

Step 4: Monitor and Review

Monitoring and reviewing risks is critical to ensure your risk responses fluctuate as situations change. This part of the process needs to be integrated into existing structures and systems and discussed on a regular basis. This is why having a Risk Management Team is effective—members can hold each other accountable for monitoring and review.

A regular, systematic approach based on the risk cycle will reduce the overall work and increase your ability to handle risk. Evaluate and explore your existing risk management plan or design your Risk Management Team by self-evaluating. Ask yourself these questions.

  • Do we have a formal risk management process?
  • Is our process explicitly linked to strategic objectives?
  • How do we categorize risks?
  • Is our risk assessment robust?
  • What is our approach to risk?
  • Are our lines of accountability clear in terms of risk management?
  • How do we communicate management action?
  • How does our Board support risk management in terms of scrutiny and challenge?
  • How do we keep our risk management process objective?
  • How do you determine whether a risk has been resolved?

Risk management can feel like a burdensome administrative process. However, when well-implemented, it can help protect the school, the staff, and the students—saving your school money, providing stability, and helping you make smart decisions about your use of time and resources.


New Heads Cohort: Fall Semester

Feel confident in your new Headship with strategies and tactics backed by research and used by successful Heads. Engage in monthly group sessions and one-on-one meetings with ISM Consultant Shannan Schuster from August through January to ensure your first years as a Head are successful.



Upcoming Events

8/19/2021 — 1/20/2022


New Heads Cohort: Fall Semester

Status: Open


11/3/2021 — 11/6/2021


25th Annual Heads Retreat

Status: OpenLocation: San Antonio, TX


More Events

  • workshop 10/6/2021 — 10/8/2021

    Summer Program: An Asset to Your School

  • workshop 10/18/2021 — 10/19/2021

    How to Build and Implement an Extraordinary Major Gifts Program

  • workshop 10/25/2021 — 10/27/2021

    School Hiring Mastery: How to Create and Implement a Mission-Driven Hiring Plan