Skip to main content

How to Manage Risks

A vital aspect of running a public entity involves managing its associated risks, as no operations are immune to internal or external threats. A risk management plan involves implementing various techniques that can help mitigate or prevent loss.

There are multiple ways a company can organize its risk management plan, but steps commonly consist of identifying, assessing, and managing risks. Entities also need to continually monitor and review their policies and procedures to ensure their courses of action remain applicable and relevant.

Types of Risks

There are several types of risks public entities may encounter, including the following:

  • Financial risk involves the possibility that an entity may lose money, fail to make gains on investments such as pension funds, or not maintain the cash flow necessary to remain solvent.
  • Strategic risk refers to how an entity’s decision-making or overall plan may result in loss or a failure to meet objectives.
  • Operational risk relates to anything that could impact an entity’s day-to-day functions, operations or business activities.
  • Reputational risk involves threats to an entity’s good name, reputation, or standing with the public or its constituents.
  • Hazard risk refers to events that can harm
    individuals, property, or the environment.
  • Cybersecurity and fraud risks relate to events that may occur through shortcomings in an entity’s IT or security systems.
  • Compliance and legal risk refers to the losses that may arise from an entity’s failure to adhere to federal or state regulations, or their own municipal code.

Risk Management Process

While there are plenty of examples of risk, a comprehensive risk management plan is key to overcoming them.

  • Identify the risk. By carefully examining their operations, entities can discover several types of exposures that have the potential to create a loss.
  • Assess the risk. After identifying threats, entities can analyze the probability of the risks occurring and their potential severity.
  • Manage the risk. Following the risk assessment, an entity needs to determine how it will address the risks. Options include:
    • Avoidance– Elimination of the risk.
    • Modify– Mitigating a risk’s impact or lessening the likelihood of it occurring.
    • Transfer– Shifting the risk to a third-party (e.g., an insurance company) through a contract, or a hold-harmless agreement with a vendor. This can include being added as an Additional Insured on their policy.
    • Retain– Accepting the risk (or a portion of it) when the risk is deemed acceptable (e.g., it has a low likelihood of occurring or it would have a minimal impact).
  • Monitor and review the plan. A crucial part of the risk management process involves continued monitoring and reviewing of strategies to help prepare for evolving or new hazards.

Risk Management Benefits

Public entities can receive several benefits from implementing effective risk management protocols. Not only do these protocols mitigate or eliminate potential risks, but they may also lower insurance premiums, as insurers may note how they reduce the entity’s likelihood of filing an insurance claim. Insurers may also offer resources to help a business strengthen its risk management practices.

It is never too early to begin risk management planning.
Contact us today with any questions or for more information.

Please visit for more information and to view other newsletters. For additional questions, please contact your Moreton & Company representative. © 2023 Moreton & Company. This newsletter is intended to inform recipients about industry developments and best practices. It does not constitute the rendering of legal advice or recommendations and is provided for your general information only. If you need legal advice upon which you can rely, you must seek an opinion from your attorney.