Skip to Content

Five Steps to Building a Risk Control Plan

Originally Published in the Illinois Municipal League Review | May 2022

It is no secret that the public sector faces a set of unique risks and challenges when it comes to designing a public entity risk control plan, however, certain fundamentals can provide a blueprint to building that plan effectively.

Here are five steps that will show you how to find that initial information, use it to establish a formal plan and measure its success.

1. Analyze Claims Data

The past is one of the greatest indicators of the future. The best place to start is to get a snapshot of what lagging safety and risk mitigation has produced in the form of losses or claims. This helps to identify your risks.

When reviewing, gather a minimum of 48 months back from the most current claims data available. In this context, “analyze” means to determine which categories of claims are the most frequent and/or severe. The severity of claims is measured in the dollar amount of the loss.

Be sure to analyze claims data in all areas of risk management, including (but not limited to) workers’ compensation, auto liability, general liability, employment practices liability, law enforcement liability, cyber and property risks.

Comprehensive claims data analysis will clarify which areas to prioritize when building your risk control plan. You may have to request additional information from your finance department to get a clearer picture of losses or claims that are not covered by insurance or included in claims reports from your insurance carriers or third party administrator.

2. Identify Weaknesses in Your Program

There are financial and human costs to maintaining the status quo and failing to adjust your risk management program when weaknesses are identified. Strengthening your program should be strategic, tactical and focused on what can be accomplished in both the short and long term.

As some of us know, claims and subsequent losses are going to occur regardless of the strengths of any safety or risk management program. It is those moments where program weaknesses meet risks that ultimately lead to losses. In the insurance industry, we refer to these moments as “residual risk” — meaning the risk that remains regardless of all the efforts and progress made with your safety and risk management program.

If claims continue to surface frequently in certain areas, this usually indicates residual risks, and there are additional opportunities to strengthen areas of your risk management program. Residual risk can be measured using a risk assessment matrix as mentioned above. Ultimately, assessing risks on an ongoing basis can lead to stronger and more effective risk mitigation.

3. Define Plans and Goals

After analyzing the categories, frequency and severity of your claims/losses, the next step is to define and articulate what the plan intends to accomplish and within what time frame. The plan may also be related to some measurable goal within your organization. For example, has your organization set a goal to reduce workers’ compensation losses and/or reduce costs associated with workplace motor vehicle accidents? Your risk control plan should address those goals.

The plan should also address its impact on multiple operations within your organization; therefore, it is critical to involve them in the planning process. The best plans are built when multiple stakeholders own a part of the risk control plan and realize the effects that the lack of safety and risk management can have on the organization.

A good tool to use when involving multiple stakeholders in risk control planning is a risk assessment matrix. A quick Internet search offers many risk assessment matrix templates online to download. This tool can put into perspective what operations and loss areas are the most risky in terms of the frequency, severity and likelihood of claims.

4. Obtain Employee Buy-In

Understanding how to build buy-in is essential to creating an effective safety program. Without engaged employees, a safety program can struggle to progress beyond top-down compliance to become a strong and sustainable safety culture.

Start by ensuring that safety is a core value, which includes making it a cornerstone of business operations and goals, comprehensive and central to day-to-day activities and proactively communicated to all members of the company.

Further, when employees are taking ownership and responsibility for overall safety, everyone is accountable. In this regard, blame is not placed on one individual or group, and the focus is put on finding solutions that impact everyone. Accountability in the workplace includes measuring and evaluating performance in everyday safety practices.

Employees must be empowered and responsiveness must be valued. When employees feel comfortable sharing feedback, and when that feedback is acted upon to make timely changes, it becomes much easier to encourage on the-job safety. If this is accomplished, employers may find that employees are more willing to take initiative to recognize and correct issues or hazards that they identify.

Overall, working towards a common safety goal should be a collaborative effort, which highly affects the level of commitment that all employees feel towards driving a positive safety culture.

5. Measure Return on Investment

Being able to measure your return on investment in risk control is beneficial because it can give a basic measurement to forecast future projects, give insight to current projects and how to improve efficiency and effectiveness. Ask the following questions:

  • Did you reduce the frequency of exposure?
  • Did you reduce the likelihood of a loss?
  • Did you mitigate the severity of injuries?
  • Did you make it easier for workers to physically perform their jobs?
  • Did you educate the workforce?
  • Did you effectively motivate the workforce to perform safely?

These results can help to gauge the efficacy of your current program and show the benefits of investing in your employees’ safety.