Risk management for community organisations

'Risk management' is the ongoing process by which your community organisation manages real and perceived risks involved in running all aspects of your operations. It involves systematically identifying threats (risks) to your organisation and developing ways to minimise or prevent them from occurring. Use this page to find out about types of risk, the risk management process and access resources and support.

What is a 'risk'?

A 'risk' is anything untoward that happens that can affect your organisation's objectives and operations by creating exposure to potential loss, harm, or damage.

Why undertake risk management?

Community organisations face increasing risk of litigation and need to provide protection for their volunteers, members and participants. The Civil Liability Act (Qld) recognises this increasing risk and provides protection by limiting the exposure to liability (in certain circumstances) for volunteers within community organisations. Whilst this legislative protection is in place, it is important that your organisation consciously deals with risks by both transferring the risks to a third party through insurance and adopting strategies and behaviours that reduce risks.

Your organisation is already practicing risk management to some degree, but it is critical that it is formalised. Documentation is an essential component of managing risk.

By accepting there are risks and developing a risk management plan with involvement from your members, you ensure the viability of your organisation and limit your exposure.

Identifying potential risks and creating a risk management plan for your organisation:\

  • is good business and management practice
  • assists with strategic planning
  • reduces unexpected and costly suprises
  • enables more effective and efficient allocation of resources.

Actively managing risk also helps your organisation to:

  • clearly define insurance needs
  • comply with regulatory requirements
  • prepare for auditing
  • ensure the safety of your members and others within your operations
  • make good decisions
  • balance opportunity and risk.

Types of risk

Risk can be:

  • physical - injury or damage to a person/s or property
  • legal - breaching legal obligations
  • moral/ethical - harm to your organisation's reputation
  • financial - loss of your assets.

Examples of risk include:

  • injury to a volunteer, staff member, spectator or participant
  • equipment failure
  • theft of property
  • loss of data/records
  • a decline in the number of volunteers
  • decline or loss of income sources
  • attracting too many participants to an event
  • discrimination or harassment
  • negative publicity
  • damage to the environment.

When developing your risk management plan, you should consider all areas of your operations including finances, administration, management, facilities, equipment, health and safety, event management, people and legal obligations (regulations, contracts, duty of care).

The development of adequate and effective processes, procedures and monitoring systems are an essential part of your organisation's risk management plan, along with insurance. They should also comply with relevant standards and legislation.

A treatment measure may be to prepare a preventative maintenance schedule for your facilities.

To comply with the national privacy principles detailed in the Information Privacy Act 2009 (Qld), a privacy policy should be developed as part of your overall risk management plan.

Ensure you complete a risk assessment for any new project, event or competition that you plan to deliver.

Risk management process

The risk management process involves eight key steps.


Establish the context

Determine the:

  • scope of risk management required
  • aims and objectives of your risk management plan
  • how your plan will be managed (resources)
  • risk assessment process and criteria.

You can also develop a risk management policy.


Identify the potential risks

This can be done through previous experience and records, brainstorming, reports, audits and other recommendations, listing what could happen (including the possible causes and scenarios).


Assess the risks identified

Consider the likelihood of a risk occurring, possible consequences, existing risk management strategies and the level of the risk 

A risk severity matrix can be helpful to determine the level of each risk - likelihood (low/high) and consequences (low/high).

For example:

This is an example of a risk severity matrix.
Risks withLow likelihood of occurringHigh likelihood of occuring
Low consequences for organisationLow riskModerate risk
High consequences for organisationModerate riskHigh risk

Decide to accept, treat or transfer each risk


Determine treatments for all unacceptable risks

Note - your organisation may already have a number of treatments in place.

For each risk that needs treatment, determine what needs to be done, the resources required, who is responsible, and when the treatment needs to be completed and reviewed. To treat and control potential risks, you can implement measures to reduce the likelihood (including new ways of doing things), reduce the consequence, transfer the risk (i.e. by using insurance), accept the risk or avoid it. Treatment may include implementing policies, erecting signs, providing training, replacing equipment, or purchasing insurance.


Formalise your risk management plan and communicate

Document your risk management strategies and communicate them to everyone in your organisation. This may include appointing a risk management officer, specific education and training, and including risk management as a committee meeting standing agenda item.


Implement your treatment options



Review and monitor

You should have monitoring and review mechanisms in place and update the plan with any new risks that are identified.

Resources and support

Related links

Last updated:

Brisbane City Council acknowledges this Country and its Traditional Custodians. We pay our respects to the Elders, those who have passed into the dreaming; those here today; those of tomorrow.