Event risk management (financial and non-financial)

This page has information about developing a risk management plan and register, including examples from past events.

Risk management plan

To manage event risk it's essential to focus on goals and safety — not just compliance. Effective risk management minimises potential costs and liabilities and leads to safer, more enjoyable events.

Event planners should develop a risk management plan to effectively manage risks that might impact on an event. The plan should outline all of the steps, policies and procedures that you are taking to mitigate risks.

The risk management plan should include the following sections:

  • Introduction: Outlines the background behind the risk management plan — including its purpose, the intended audience, and a summary high-level approach to risk.
  • Roles and responsibilities: Details the risk management team and the broader event team’s responsibilities for risk management.
  • Risk recording: Outlines the structure of the risk register (see below).
  • Identification: The strategies that will be used to identify risk.
  • Evaluation: Explains the methodology of analysing risks, including the risk matrix.
  • Mitigation: The strategies that will be used to mitigate risk.
  • Monitoring and reporting: Outlines how risks will be monitored and reported.

Risk management resources

Sport New Zealand website — Risk management for events(external link)

Risk Management Plan — 2011 Golden Shears World Championship [PDF, 482 KB]

Risk Management Plan – Fast5 Netball World Series [PDF, 340 KB]

Identifying risk

While identifying possible risks should take place as part of the event feasibility study, it’s a process that will be ongoing throughout the event. Risks may be either internal or external to the event, and you should assess each area of an event for risk.

You should ask to disclose the event risk registers of major stakeholders to ensure visibility of the wider risks surrounding the event.

Risk register

Record risks in a central risk register. This lets them be monitored and managed.

The risk register should be a table that includes details of:

  • each risk
  • effect
  • likelihood
  • severity
  • rating
  • mitigation/management approach
  • timeline
  • responsibility
  • risk tracker
  • comments/actions taken.

In a large event, each functional area should maintain its own register. You should consolidate these into the central risk register periodically.

Example of a risk register

Risk register/matrix — 100% Pure New Zealand Winter Games 2013 [PDF, 2 MB]

Evaluating risk

Once you have identified risks they should be evaluated and assessed. There are a number of methodologies you can use to do this. Commonly risks are assessed for:

  • Effect: An assessment of the areas the risk will impact on if it occurs.
  • Likelihood: The probability of a risk occurring.
  • Severity: The impact that the risk occurring will have on the event.

Once you have assessed these 3 areas you can give each risk a rating. The rating is usually based on a risk matrix that combines the likelihood and the severity.

Mitigating risk

You should develop a high-level approach to risk mitigation that will show how each of the identified risks will be mitigated or managed. The approach will depend upon the risk, however some common approaches to mitigating and managing risks are:

  • testing programmes
  • relationship management
  • detailed planning and preparation
  • contingency planning
  • command and control principles
  • desktop scenario planning
  • insurance programme.

Monitoring and reporting risk

Set up a risk management committee or team with regular meetings. Ideally the team will be made up of both operational and corporate staff.

The risk management team is responsible for:

  • monitoring all of the risks
  • identifying new risks
  • assessing the progress of the actions on the risk register.

Make specific people responsible for the management and mitigation of each risk, and set deadlines for all risk mitigation measures to be put in place, eg:

  • one team member should be responsible for contacting external agencies, eg the Police, local council etc to help identify external risks that may impact upon the event
  • another team member (usually the leader or facilitator) should be responsible for reporting high-level risks to management and board.

Examples of risk monitoring and reporting

Financial risk advisory sub-committee terms of reference — 2011 IPC Athletics World Championship [PDF, 70 KB]

Monthly report template - FIFA U20 World Cup 2015 [DOCX, 634 KB]

Ticketing weekly sales report template - FIFA U20 World Cup 2015 [DOCX, 575 KB]

Financial risk management template - ITU Triathlon World Championship Grand Final 2012 [DOCX, 15 KB]