Risk Management

Dice on blue background
Photo by Markus Winkler on Unsplash

Being prepared for an emergency or a large scale disaster begins with the intent to prevent or reduce the negative impacts of risk scenarios. Therefore, we should start by discussing risk management to provide a foundation for the later sections on emergency planning, preparedness, response and recovery.


Please start reviewing the following definitions cited in the Emergency Management Planning Guide (Government of Canada 2010-2011).




A hazard is a potentially damaging physical event, phenomenon or human activity that may cause the loss of life or injury, property damage, social and economic disruption or environmental degradation. (An Emergency Management Framework for Canada. Public Safety Canada)



The combination of the likelihood and the consequence of a specified hazard being realized; refers to the vulnerability, proximity or exposure to hazards, which affects the likelihood of adverse impact. (An Emergency Management Framework for Canada. Public Safety Canada).


Risk assessment

A process that involves information collection and in which values to risks are assigned for the purpose of informing priorities, developing, or comparing courses of action, and informing decision making. (DHS Risk Lexicon. Department of Homeland Security).


Risk management

The use of policies, practices and resources to analyze, assess and control risks to health, safety, environment and the economy. (An Emergency Management Frameworks for Canada. Public Safety Canada).

In summary, a hazard is a potentially damaging event while “risk” reflects the combination of the likelihood and the consequence when that hazard occurs. Risk management is the process that includes, risk identification, risk assessment, risk mitigation plans, and evaluation.

Risk assessment often employs a tool referred to as a risk matrix that compares the likelihood and consequence of different risks.  The value of using an assessment tool, such as a risk matrix, is that it can help focus efforts to reduce or mitigate the risk if it cannot be eliminated.


Activity #1

Watch this video from Public Health which introduces the concept of how to use a risk matrix.

Video: Risk and How to use a Risk Matrix (5:28)


risk matrix
Risk Matrix

A risk matrix tool can be used in planning for emergencies or disasters, for example, rating the likelihood and consequences of various pandemic hazards such as staff sick calls, supply chain disruptions (PPE for example), negative pressure room access and so on. An organization may determine, through the risk matrix, that its highest risk is staffing shortage. Then significant focus on mitigation plans for staffing shortage would be developed to manage that risk.


Once the steps of hazard identification and risk assessment have been completed, then the next step is to work to mitigate the hazards that pose the most pressing or concerning risks. These mitigation plans are “control measures” implemented to control or at least reduce the likelihood of harm reaching the individual.


The matrix concept is also used to compare how well controls or mitigations can reduce the risk.  For example, risk matrix assessments are often applied to occupational health and safety situations. In assessing the likelihood, the question should be asked “If the hazard occurs, how likely is it that the worker will be injured. This should not be confused with how likely the hazard is to occur.  Using a pandemic example, the hazard is exposure to the virus. The likelihood of staff injury (illness) is unlikely or highly unlikely If the staff member was always a safe distance from a COVID positive patient AND was consistently wearing appropriate PPE. In terms of consequences, adding vaccines for the staff in appropriate PPE, reduces the potential injury level.  The matrix helps evaluate the impact of the mitigation measures (distance, PPE and vaccine).


Mitigation of the risk can be addressed at various layers of intensity, the highest level of intensity being total elimination of the risk. Because it is not always possible to eliminate risk totally, other mitigations are used to reduce the risk to the extent possible or feasible. Below is a graphic of the  Hierarchy of Controls used by the Canadian Centre for Occupational Health and Safety (CCOHS)  that can help shape the process of formulating your organization’s control measures. It is also used by the American agency National Institute for Occupational Safety and Health (NIOSH).


graphic of hierarchy of controls ranging from elimination to PPE
“File:NIOSH’s “Hierarchy of Controls infographic” as SVG.svg” by Original version: NIOSH Vector version: Michael Pittman is licensed under CC0 1.0


  • Elimination is the most effective control. If it is possible to physically remove a hazard, it must be done.
  • Substitution is the second most effective control. It proposes the replacement of the hazard with a safer alternative e.g. automating a manual process identified to be dangerous, buying a newer equipment model with better safety ratings, etc.
  • Engineering controls refer to physically isolating people from the hazard if at all possible
  • Administrative controls refer to changing the way people work. This may include procedural updates, additional training, or increasing the visibility of precautionary signs and warning labels.
  • PPE is the last line of defense if workers cannot be completely removed from a hazardous environment.


In the healthcare environment, the hierarchy of controls is often used in risk management activities related to improving patient safety. For example: Elimination controls have been used to reduce harm from high concentration drugs being administered inadvertently.  Substitution controls have included the implementation of pressure reduction mattresses to reduce pressure injuries. Engineering controls have been used in “Smart Pumps” to create hard limits on high-risk IV infusions. Administrative controls include policies, protocols, or ‘behaviour’ requirements such as face-to-face shift hand-off reports.


Mitigation of potential risks can be undertaken in response to an incident or event but is ideally undertaken proactively through planning. The proactive approach is important for prevention and is, therefore, a key tool in patient safety. In fact, Accreditation Canada requires an organization to undertake such proactive risk management activities. One standardized approach to proactive risk mitigation is through a process called Failure Modes and Effect- Analysis (FMEA).


Activity #2

Learn about Failure Modes and Effect Analyses (FMEA) as a framework for proactive risk management.

Video: An Overview of the Failure Modes and Effects Analysis (FMEA) Tool (2:19)


 Activity #3




Check Your Understanding


Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Leadership for Nurses in Clinical Settings Copyright © 2022 by Dr. Kirsten Woodend, Dr. Catherine Thibeault, Dr. Manon Lemonde, Dr. Janet McCabe is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book