Risk Management for Managers

• P1. Assemble a risk management team.
• P2. Identify the types of individuals and job functions that should participate in a risk management team.
• P3. Create a risk management and emergency management organizational chart.
• P4. Identify typical and probable risks to the organization across the categories defined (food safety, organizational management, financial, IT/data protection, environmental, fraud, bioterrorism, etc.).
• P5. Establish a response mechanism to the risk.
• P6. Establish documentation procedures, action, and response plans to typical risks.
• P7. Create decision making trees or other tools to facilitate action plans if needed.
• P8. Identify the role of insurance coverage and actuarial science in risk management.
• P9. Establish a threshold for what is considered by the organization to be an acceptable level of risk and in compliance with regulatory requirements and communicate this to all levels of the organization.

• P1. Conduct hazard identification.
  • a. Identify hazards associated with a product through review of historical national and international food safety recall data on comparable products.
  • b. Identify possible hazards through review of consumer complaint records.
  • c. Identify potential emerging food safety hazards through review of scientific literature or government resources.
  • d. Evaluate strategies for weather related incidents, industrial accidents, fires or loss of electricity or other utilities.
  • e. Identify sociocultural, political, economic, climactic, or environmental hazards by evaluating the news, weather forecasts and the social trends of the day.
  • f. Identify internal hazards related to finance, workforce, and business continuity by performing internal business analysis.
  • g. Identify innovation hazards by observing and participating in research and development and scanning intellectual property claims.
  • h. Identify reputational hazards to the organization, such as social media or news scandals.
  • i. Identify bioterrorism and fraud potential from human resources screening.
  • j. Perform value chain risk assessment, including supplier audits, diversification of supply chain studies, and validation of supplier inventory to ensure continuity in production.
• P2. Conduct hazard characterisation.
  • a. Evaluate the qualitative and/or quantitative nature of the potential hazards.
  • b. Define impact of the hazard based on the potential to cause harm to consumers, the organization, or the value chain.
• P3. Conduct exposure assessment for food related hazards.
  • a. Evaluate the quantitative and/or qualitative likely intake of biological, chemical, and physical hazards via food as well as exposure from other sources, if applicable.
• P4. Conduct risk characterization.
  • a. Combine the frequency or likelihood of the hazard(s) being present, with the level of impact or harm caused by the hazards to define the risk priority (low, medium to high).

• P1. Create procedures, HACCP plans or preventive control programs (for food safety risks), or other risk prevention and mitigation strategies to respond effectively to the identified risks in the risk assessment.
  • a. Identify method(s) that are efficient to detect hazards identified in the risk assessment.
  • b. Create immediate controls measures and corrective actions.
  • c. Monitor effectiveness of corrective actions and adjust as needed.
  • d. Create long term mitigation actions.
  • e. Develop decision making trees or other flow charts to anticipate and document decisions related to managing risk in advance of the risk.
  • f. Train the employees in the risk management procedures for effective implementation.
• P2. Put systems in place to deal with deviations and consequences.
• P3. Review and improve the effectiveness of the risk management approaches and controls annually.

• P1. Develop a communications outreach list related to the internal risk management organization chart.
• P2. Develop a communications outreach list related to strategic external stakeholders in food safety, regulatory, labour, environment, media, and finance.
• P3. Establish relationships and trust with key external stakeholders/opinion leaders to ensure timely and effective risk communication in the event of a crisis.
• P4. Create communications templates covering a variety of potential crisis scenarios prepared for quick editing in the case of crisis.
• P5. Demonstrate due diligence and integrity in planning and preparedness as a means of reducing negligence within the establishment.
• P6. Demonstrate humility, and empathy within risk communications, and demonstrate a proactive approach to reducing or eliminating risk in a timely fashion.
• P7. Provide media training to spokespersons identified in the organization chart.
• P8. Train employees, at all levels, on risk communication procedures established by the organization.

Managers should have the competencies to develop a continual improvement measure of the business. This includes the improvement of decision making and plan for the worst-case scenarios related to any risk identified in the organization.

• P1. Study the outcome of risk management procedures such as internal audits, external audits, inspections reports and management review reports.
• P2. Review decision-making process, planning and prioritization systems within the organization and make improvements as needed.
• P3. Allocate capital and resources efficiently.
• P4. Evaluate the worst-case scenarios related to any risk and establish preventive measures for any disaster or serious financial loss.
• P5. Conduct surveillance and foresight exercises to anticipate what may go wrong and develop a predominantly proactive versus reactive approach to risk management.
• P6. Collaborate with industry associations to leverage resources and expertise beyond the organization’s capacity.
• P7. Develop action plans to address potential impacts on the organization due to political, social, and economic instability.
• P8. Adopt a continuous improvement culture within the organization by continuously training, communicating, and evaluating the organization’s risk management system.