Risk Assessment Policy

Source: OASIS Open Risk Assessment Policy.

Overview #

OASIS is committed to safeguarding its members, staff, assets, and reputation by identifying, evaluating, and managing risks across all operations. This policy applies to all OASIS programs, projects, events, partnerships, and technology use, and to all staff, Board members, third-party vendors, and anyone involved in organizational operations.

Risk management is not the responsibility of any single person — it requires active participation from all staff.

Objectives #

  • Identify and categorize potential risks affecting the organization across operational, financial, strategic, reputational, and compliance dimensions
  • Evaluate the likelihood and potential impact of identified risks using a standardized approach
  • Develop and implement proportionate risk management strategies
  • Build a culture of risk awareness across staff and the broader OASIS community
  • Ensure compliance with legal and regulatory obligations related to risk management

Risk Management Process #

Risk Identification — Risks are identified and documented on a regular basis. Any staff member who identifies a potential risk — operational, financial, strategic, reputational, or compliance-related — should raise it with their manager or the (Interim) ED promptly.

Risk Assessment — Identified risks are evaluated using a standardized risk matrix to determine their potential impact and likelihood. Risks are prioritized for management based on this assessment.

Risk Mitigation — Strategies are developed and implemented for high-priority risks. Depending on the nature and impact of a risk, the response may involve avoiding the risk, transferring it (e.g., through insurance), mitigating it through controls, or accepting it with documented rationale.

Monitoring and Review — Risk mitigation strategies are monitored for effectiveness on an ongoing basis. The risk assessment process is reviewed regularly and updated as organizational changes occur.

Roles and Responsibilities #

Board of Directors — Oversees risk management and ensures it is integrated into strategic planning.

(Interim) ED — Ensures policy implementation and integrates risk management throughout the organization.

Governance Committee — Supervises risk management activities and evaluates staff reporting on risk.

All Staff — Participate in risk identification, comply with mitigation procedures, and report emerging risks as they are identified.

Training #

OASIS provides ongoing training and resources to ensure staff understand the policy, their roles, and how to identify and manage risks effectively. Participation is required.

Policy Review #

This policy is reviewed periodically or as needed to reflect operational changes, evolving risk profiles, or external environment shifts. Contact the (Interim) ED with questions about the risk management process.