It is inherent in Risk Management that the organization has to create a set of written
procedures that act as the standard by which organizational members will be able to predict,
and handle potential risks accordingly.
In these written procedures, the organizational members must be thoroughly and clearly
informed as to what risks they may face, how to face these risks (meaning, knowing what
they have to do in such situations), and who to report to within the organization when they
experience these risks.
Types of risk management forms
1. Policy and procedure manual – this is the most basic type of risk management form
that is used by organizations. It outlines the standard operating procedures and policies
that help the organization to function even when faced with risks. It also helps prevent
the organization from being saddled with costly litigation due to allegations that it acted
in a negligent manner.
2. Memos within an organizational division – this may not seem like a risk management
form but it is because it helps to keep members of the division oriented and informed about
what is happening around them. An organization that fails to communicate regularly with its
members may not be able to react to threats as soon as it should – which is why memos are
3. Incident report form – any sub-group of an organization may need this type of form,
which is generally associated with the security division. Since incidents happen throughout
and around the organization, every division will have to have some type of incident report
form to use when an incident involving a perceived risk occurs.
The point of using such forms as these (and others) is to keep risks under control when
they do hit the organization so that the damage can be mitigated and eventually repaired.