Course code

  • Category:
  • Document type:
  • Level:
  • Page:
  • Words:

Risk Management Process


2.0 Part

2.1 Risk Management Process

The proposed risk management process is based on ISO 31000:2009 and PMBOK. The key stages of risk management processes include:

2.1.1 Communication consultation.

The first process entails a continuous communication and consultative process with the external and internal stakeholders. For instance, the identified stakeholders in case include the nurses, patients and the patient’s family members, who are engaged consultatively to deliberate on the possible risks associated with health care. Discussions were carried out with the mentally ill patients regarding potential dangers that they were likely to cause to themselves if they did not adhere to the clinical practices that they were supposed to undertake.

2.1.2. Establishing the context:

In the second stage, the context within which the external and internal risk management process will occur is established. Additionally, the context for risk evaluation criteria and description of the analysis structure is created. At this stage therefore, the external and internal parameters were considered to determine scope of the risk to the patients and medical practitioners. It was established that patient’s lack of insight and adherence to preset treatment plans expose them to greater symptoms in the hospital setting and outside the hospital.

2.1.3 Risk identification

In the third, the several variable to be established include why, where, when and who an occurrence of the risk would hinder the realisation of the project objectives. Only the patients and nurses were interviewed at this stage. This helped discover that the major risk that the service provision encounters is that patients lack insight and adherence to preset treatment plans that are intended to reduce of some symptoms. The symptoms contribute to hazardous health implications to the patients. This forces the medical practitioners to make decisions behalf of the patients. There is also the risk of bias on the part of caregiver while making critical decisions on behalf of the patients.

2.1.4 Risk analysis

In the third stage, the existing controls are identified and evaluated. At the core of this stage is assessing the probability of the risks that have identified. The possibility, consequences and the degree of risks the symptoms contributing to dangerous health implications to the patients, and the risk of bias on the part of medical practitioner are therefore determined and evaluated. The likely consequences of the risk and the extent to which the patients are exposed to the risks are determined. The risk matrix was selected as a decision tool as it is suitable for determining the probability of risk, as it brings about the likely negative consequence or losses from the risks. The risk matrix is also appropriate for determining the two attributes of adverse events, such as the likelihood or consequence. It also allows the risks to be evaluated against the critical risks, high risks, moderate risks, low risk, as well as very low risk. (Thomas et al. 2014).

2.1.5 Risk evaluation

The fourth stage consists of comparing the determined degrees of risks against predetermined criteria. A balance between negative consequence and likely advantages is determined to allow decision-making on the type and level of treatment needed, as well as the priorities. For instance, the risk of inability by patients to comply with the clinical plans set for their healing and their lack of insight are assessed. The mentally ill patients who are at a high risk of causing harmful effects are also isolated and the risk management procedures applied on them.

2.1.6 Risk treatment

At this stage, the specific cost-efficient strategies are developed and applied. The action plans to mitigate the likely adverse effects of the risk and maximise the likely benefits are also identified and developed (Sai Global 2007).

2.1.7 Monitoring and review

In the last stage, the effectiveness and suitability of the risk management process are constantly monitored and reviewed, as it is an iteration process. This is specifically crucial, as it makes sure that continuous improvement of the condition is maintained to make sure that the changing situations do not change the priorities.

3. Part 3

It is acknowledged that the effectiveness of the risk management is contingent on the effectiveness of the risk management process suggested, which provides the basis and framework. However, there are issues with the risk identification stage (section 2.1.3) and the evaluation stage (section 2.1.5), as they centred on the patients and nurses’ perspective, hence limiting the applicability or generalisability of the risk management process on different scenarios.

Risk identification

Section 2.1.3 could be more effective when it laid grounds for a situation where risk identification is undertaken within the context of full consultation among the medical practitioners, the patients, as well as the caregivers, visitors to the hospital as well as outsiders. The risk identification process should have been made to help disclose internal and external hazards from sources that could be disregarded during the consultative process. Indeed, a major limitation of Section 2.1.3 is that it limited the consultative process to patients and nurses. Currently, it cannot help identify the risks which may come about after the ongoing risks have been managed.

Therefore, it would be more effective in identifying more risks if it has focused on identifying the external and internal factors by reviewing the current and past health and safety information sources or literature. These may include the local accident records in the hospital, as well as the information regarding the risks from scholarly works that have been published in authoritative sources, as this help in gaining deeper insight into the risks linked to the risk in question. This will help identify the likely patient-related risk factors that could then be categorised into several factors, such as age, functional dependence, types of conditions and income levels. It can also help identify the procedure-related risk factors, which are as significant as the patient-related factors. They may include the duration of stay in the hospital, the amount of staff at the hospital and the ability of the medical staff to communicate effectively with the patient (Qaseem et al. 2006). The Food and Drug Administration (FDA) (2014) also suggests that in such situations where the risk information for patients have to be identified, research should also be conducted on the existing literatures to identify the existing states regarding the risks.

It should as well stress on identifying the risks linked with the risks that have to be examined. Indeed, Qaseem et al. (2006) suggest that as an overture to risk assessment, it is crucial to identify the factors that contribute to the risk by reviewing the current and past health and safety information, including local workplace accident records as well as the information regarding the risks from scholarly works that have been published in authoritative sources, as this help in gaining deeper insight into the risks linked to the risk in question.

Additionally, while Section 2.1.3 recommends continuous communication and consultation, it fails to mention the roles of the parties involved, hence leading to risk communication. The risk communication may hinder the effectiveness of the communicative process by encouraging confusions. According to FDA (2014), it is significant that the risk management process identifies the specific objectives and activities of each stakeholder involved. One reason for this is because the appropriate and consistent concerns have critical positive implications for nearly all dimensions of the risk management process, priority areas and ultimately designing it to directly address or supporting their needs.

Risk Evaluation

Section 2.1.5 should also be adjusted to effectively evaluate the likelihood of the risks happening, as well as the likely consequences. It is anchoring in two key factors, including the possible severity or consequences of the illness contributing to the risks, and secondly, the likelihood that problems of nurse or patient bias and attitude may actually happen. Bias and attitude may hinder the objectivity of the evaluation process (Security Standards Council 2012).

However, it appears to be mainly focused on identifying, classifying and, and weighing the identified risks, yet does not appear to be actively intent on managing the uncertainties linked to achieving the goals of the healthcare provider. Indeed, because of the seemingly extensive focus on risk quantification, the risk management process appears to be the “end” rather than the “means.” This may bring about the misleading belief that quantifying the risk exposure across the entire hospital is practicable, while failing to consider developing an all-encompassing risk model is not feasible. A similar view is presented by Pooter (2013) when he argues that by extensively focusing on risk quantification during the risk management process, the risk assessment process may bring about the misleading belief that quantifying the risk exposures across the entire organization is possible, although it fails to develop an all-encompassing risk model. In his view, defining the correlations among many risk factors is difficult, as critical data may be mission. In such situations, risk assessment would only lead to mere opinions (Pooter 2013).

Therefore, for the risk assessment to be effective, it should not merely lead to opinions regarding the future. This is possible when it recommends analysis that are not affected by personal preferences, individual’s current and past experiences, as well as the personalities of the people involved. According to Duijm (2015), risk evaluation processes should not be tainted by factors linked people past experiences or personal knowledge, or even be one-sided.

Therefore, in order to establish the degree to which the health care provider is ready to address the risks in future, the assessment and analyses should include issues that may assist in helping realize the organisation’s objective of improving health care provision (opportunities) as well as the risk factors that may hinder the realization of the objectives. The risk management should be able to convince the business managers of the proactive, as well as an integrated approach for determining the risks.

The FDA (2014) recommends that in order to improve the risk evaluation process when determining risk management strategies for patients at risk, research should be conducted on related researcher, and the findings compared to the risks identified. The risk evaluation should have leveraged extra data sources. According to the FDA (2014), in clinical setting, risk evaluations is likely to benefit more when it employs extra data sources like health records and empirical researchers and applies the information it gleans from such sources to modify its risk evaluation strategy. In this way, it would have been possible to develop a more highly reliable standardized methodology for addressing the risk quantification process and its outcomes.

Additionally, feedback should be sought from health care intervention experts, and other health care practitioners to lay grounds for opportunities for improving on the processes, format, content, tools, and techniques for effective evaluation.


Duijm, N 2015, “Recommendations on the use and design of risk matrices,” Safety Science, vol 76, 21–31

Food and Drug Administration 2014, Standardizing and evaluating risk evaluation and mitigation strategies (REMS), reviewed 12 May 2016, <>

Pooter, M 2013, 10 Ways to improve risk management, viewed 11 May 2016, <>

Qaseem, A, Snow, V, Fitterman, N, Hornbrake, R, Lawrence, A, Smetana, G, Weiss, K, Owens, D 2006, «Risk Assessment for and Strategies To Reduce Perioperative Pulmonary Complications for Patients Undergoing Noncardiothoracic Surgery: A Guideline from the American College of Physicians,» Annals of Internal Medicine, vol 144 no 8, pp.575-580

Sai Global 2007, Risk Management Guidelines Companion to AS/NZS 4360:2004, viewed 11 May 2016, <>

Security Standards Council 2012, Information Supplement: PCI DSS Risk Assessment Guidelines, viewed 12 May 2016, <>

Thomas, P, Bratvoid, R & Bickel, E 2014, «The Risk of Using Risk Matrices,» Society of Petroleum Engineers, viewed 11 May 2016, <>


Course code

Figure 1: Risk management process (Adopted from AS NZS 4360 2004)