Risk Assessment Policy

Introduction
OASIS Open is committed to achieving its mission while safeguarding its members, staff, assets, and reputation against potential risks. This Risk Assessment Policy outlines our approach to identifying, evaluating, and managing risks across all areas of our operations. By implementing a structured risk assessment process, we aim to minimize the potential impact of risks on our organization and ensure the continuity of our services.

Scope
This policy applies to all aspects of OASIS’s operations and activities, including but not limited to our programs, projects, events, partnerships, and use of technology.  It covers all members, staff, third party vendors, board members, and any other individuals or entities involved in our organization’s operations.

Policy Objectives

  • To identify and categorize potential risks that could affect the organization.
  • To evaluate the likelihood and potential impact of identified risks.
  • To develop and implement strategies to manage or mitigate risks.
  • To create a culture of risk awareness and proactive risk management among all staff and members.
  • To ensure compliance with legal and regulatory obligations related to risk management.

Risk Management Process

Risk Identification
Regularly identify and document potential risks that could impact the organization, including operational, financial, strategic, reputational, and compliance risks.

Risk Assessment
Evaluate the identified risks to determine their potential impact and likelihood. Use a standardized risk matrix to categorize risks and prioritize them for management.

Risk Mitigation
Develop and implement risk mitigation strategies for high-priority risks. Strategies may include avoiding, transferring, mitigating, or accepting risks, depending on their nature and potential impact.

Monitoring and Review
Regularly monitor the effectiveness of risk mitigation strategies and review the risk assessment process to ensure it remains relevant and comprehensive. Update risk assessments and strategies as necessary, especially when new risks are identified or when organizational changes occur.

Roles and Responsibilities

  • Board of Directors: Oversee the risk management process and ensure that risk management practices are integrated into strategic planning.
  • Executive Director: Ensure the implementation of the risk assessment policy, appointment of appropriate staff to roles as necessary, and the integration of appropriate risk management into all organizational activities.
  • Governance Committee (when delegated by Board): Supervise, and receive and evaluate staff reporting of, the risk management process, including risk identification, assessment, and mitigation activities.                                                                                                                         
  • All Staff: Participate in risk identification and management activities and comply with all risk mitigation strategies and procedures.

Training and Communication
Provide ongoing training and resources to staff and members to ensure they are aware of the risk management policy, understand their roles in the risk management process, and are equipped to identify and manage risks.

Policy Review and Update
This policy will be reviewed periodically or as needed to reflect changes in the organization’s operations, risk profile, or external environment.  Revisions will be made to ensure the policy remains effective and relevant.

Contact Information
For questions regarding this policy or the risk management process, please contact OASIS’s Executive Director.